Posted On October 1, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Physician’s Business Office

NOTICE: If you received a NOTICE OF DATA BREACH letter from Physician’s Business Office, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

On September 23, 2022, Physician’s Business Office (“PBO”) filed notice of a data breach with several Attorney General Offices after the company learned that an unauthorized party had gained access to the PBO computer system. Based on the company’s official filing, as well as information provided in a notice posted on the PBO website, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, dates of birth, Social Security numbers, driver’s license numbers, protected health information and health insurance account information. After confirming that consumer data was leaked, PBO began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the PBO data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from the Physician’s Business Office.

What We Know So Far About the Physician’s Business Office Breach

The available information regarding the Physician’s Business Office breach comes from the company’s filings with various state Attorney General offices, in addition to a notice posted on its website. According to these sources, PBO detected unusual activity within its computer network in April 2022.  In response, the Physician’s Business Office secured its system and hired an independent digital forensics and incident response firm to assist in the company’s investigation.

This investigation confirmed that the unauthorized party had gained access to the company’s IT network and potentially acquired sensitive patient data.

Upon discovering that sensitive consumer data was made available to an unauthorized party, the Physician’s Business Office began to review the affected files to determine what information was compromised and which consumers were impacted. The company completed this process on June 30, 2022. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, medical treatment and diagnosis information, disability code, prescription information and health insurance account information.

On September 23, 2022, Physician’s Business Office sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The company estimates that 196,573 patients were impacted by the breach.

More Information About Physician’s Business Office

Founded in 1997, Physician’s Business Office is a medical billing company and physician practice management company based in Parkersburg, West Virginia. The company currently serves more than 60 healthcare providers in the hospital, office, nursing home and behavioral health settings. PBO provides its customers with a range of services, including revenue cycle management, electronic medical record management, practice consultation, and management services. Physician’s Business Office employs more than 25 people and generates approximately $5 million in annual revenue.

Should You Be Concerned About a Data Breach Affecting Your Protected Health Information?

The Physician’s Business Office data breach resulted in a tremendous amount of patient information being leaked. Among the compromised data were patients’ Social Security numbers, as well as “medical treatment and diagnosis information, disability code, prescription information and health insurance account information.” The fact that patients’ medical information was leaked along with their Social Security numbers means that there is a high likelihood the data was considered “protected health information.”

Protected health information has been a favorite target of hackers in 2022. In fact, more than 2 million people have had their PHI compromised this year alone. As cybercriminals and other bad actors continue to focus their efforts on obtaining patients’ protected health information, it is incredibly important for victims of a healthcare data breach to understand what is at risk and what their options are.

The first step is understanding what is meant by “protected health information.” Protected health information, or PHI, refers to test and laboratory results, medical history information, demographic information, mental health information, insurance information and any other data that doctors and other healthcare workers collect to identify a patient and determine the appropriate treatment. For example, lab results, MRI and CT scan results, and your current list of medications could all be considered PHI.

The collection and use of PHI are governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). However, not all healthcare-related data is considered “protected” under HIPAA – it must contain at least one identifier to qualify as PHI.

HIPAA provides 18 identifiers, some of which include a patient’s:

  • Name;
  • Address (anything smaller than a state);
  • Social security number;
  • Dates (more specific than just a year) related to an individual, such as a patient’s birthdate, admission date, etc.;
  • Email address;
  • Phone number;
  • Medical record number;
  • Account number;
  • Internet protocol (IP) address;
  • Biometric IDs, such as a fingerprint or voice print;
  • Full-face photographs and other photos of identifying characteristics; and
  • Any other unique identifying characteristic.

Given the personal nature of this information, healthcare data breaches are very concerning regardless of any potential misuse of the data. However, aside from privacy concerns, patients are also at risk of financial—and even physical—harm. Hackers who obtain protected health information may attempt to obtain medical care in the victim’s name or sell the information to another party who plans on doing the same. This not only leaves the victim responsible for the bill but can also lead to someone else’s information getting mixed up in the victim’s medical records.

Those who believe their protected health information was compromised in a data breach should reach out to an experienced data breach lawyer to learn more about how to protect themselves and whether they can bring a claim for compensation against the organization responsible for the breach.

If You Have Questions About Your Rights Following the Physician’s Business Office Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the PBO data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

Below is a copy of the initial data breach letter issued by the Physician’s Business Office (the actual notice sent to consumers can be found here):

Dear [Redacted],

Physician’s Business Office, Inc. (“PBO”), a Parkersburg, West Virginia-based company that provides medical practice management and administrative services for healthcare providers, has learned of a data security incident that may have impacted protected health information of certain individuals. PBO has notified potentially impacted individuals of the incident and has provided resources to assist them.

In April 2022, PBO became aware of unusual activity in its network environment. PBO immediately took steps to secure its network and hired an independent digital forensics and incident response firm to assist.  PBO determined that certain information stored on its network was accessed and potentially acquired without authorization during the incident, including certain protected health information maintained by PBO in the course of its services.  PBO then worked diligently to review the potentially affected data to identify the individuals who may have been impacted and the healthcare providers on whose behalf the information was maintained.  PBO completed those efforts on June 30, 2022 and provided notice of the incident to the relevant healthcare providers on July 26, 2022.  After coordinating with the providers regarding notification, PBO worked to collect current mailing addresses for all potentially impacted individuals.  PBO completed that process on September 16, 2022 and arranged to issue notification letters as soon as possible thereafter.  On September 23, 2022, notification was provided to all potentially impacted individuals along with resources to assist them, including complimentary credit monitoring and identity protection services.

The following protected health information may have been involved in the incident: name, home address, date of birth, Social Security number, driver’s license number, medical treatment and diagnosis information, disability code, prescription information and health insurance account information.  PBO has no evidence that any of this information has been misused.

PBO takes the security of its information very seriously and has taken steps to help prevent a similar event from occurring in the future.

PBO has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives can be reached at 1-833-423-2939.

The privacy and protection of personal information is a top priority for PBO, and PBO regrets any inconvenience or concern this incident may cause.
