Fast Track Urgent Care, a network of urgent healthcare clinics based in Florida, has recently announced that it has experienced a data breach affecting 259,411 individuals. The data breach is the result of a ransomware attack launched on the network’s billing and management vendor, PracticeMax. The information potentially accessed by the malicious actor includes names, passport numbers, driver’s license numbers, date of births, health insurance information, Social Security numbers, and financial information.
On May 1, 2021, the PracticeMax identified suspicious activity within its network. An investigation was launched and determined that ransomware has been installed on its network. The malicious actors had gained access to several of the vendor’s email accounts, to which data was taken and encrypted. The vendor confirmed that its systems had been compromised between April 17 and May 5, 2021.
Several of PracticeMax’s healthcare clients were impacted by the incident, including Humana and Anthem Inc. In February 2022, both of the health insurance companies publicly acknowledged the incident, after PracticeMax had reported breach at the end of 2021. Fast Track Urgent Care maintains that the vendor had initially informed it about the ransomware attack on May 10, 2021, however, at that stage of the investigation, it was still unknown whether any of its patient’s personal information had been accessed or stolen.
Fast Track Urgent Care was then notified by PracticeMax that patient data could have been affected, but the management vendor could not confirm whether the customer and patient information had been accessed. On June 6, 2022, PracticeMax finally confirmed that patient information had been accessed in the data breach. The vendor has promised to provide credit monitoring and identity theft protection services free of charge to members. PracticeMax will also send notification letters to individuals potentially impacted by the breach on behalf of Fast Track Urgent Care. PracticeMax has taken multiple actions to address the security issues. The vendor has reviewed policies and procedures and implemented new security measures to further protect the data on its systems.