Two breaches Incidents Smash Beverly Hills physician practice

Two breach tragedies have compromised records at Advanced ENT Head and Neck Surgery, a Beverly Hills physician practice, Calif.-based practice with sufferers in 16 states and 4 countries.

The provider assumes that the incidents have potentially exposed the healthcare information of about 15,000 sufferers.

In one of the breaches reported to federal agencies in the month of late May, a contracted employee is considered to have taken photos of patients before and during surgeries, and copied and stolen patient records, claims Zain Kadri, MD, who leads the practice.

Data taken by the contract worker is said to involve credit and debit card information, identification documents, copies of checks, user names, passwords and recorded conversations, as well as data on the company.

Earlier in May, the practice was struck by a break-in at its facility in which paper records and data devices were taken. The loss of data and information from that first tragedy has complicated the practice’s response because it lost contact information for many of its patients, Kadri claims.

The practice is working with regional pharmacies and other companies in the medical community to locate contact information for its sufferers.

In the latest breach tragedy, the contract worker was using a corporate smartphone to acquire data; examination of the phone assisted in the discovery of the breach, law enforcement officials said.

The practice released the following information to sufferers to head off potential incidents in which callers might recognize themselves as working for the Beverly Hills physician practice provider. “If anyone contacts you, claiming to be from Advanced ENT Head & Neck Surgery, please get their name and call our main number; then, ask to speak to (that person) directly before continuing the conversation.”

The Beverly Hills physician practice also emphasized sufferers to change their credit and debit card numbers, review accounts for unauthorized transactions, notify banks if unauthorized purchases, withdrawals or cash advances are discovered, monitor credit reports and notify local law enforcement if they become a victim of fraud. The declaration of the breaches didn’t mention the offering of protective services to affected patients, and the agency didn’t respond to a request for extra information.