U.S. medical billing provider DRS says cyber attack impacted over 585,000 patients

California-based healthcare revenue management services provider, Designed Receivable Solutions, said it experienced a data security incident that compromised the sensitive personal information of more than 585,000 individuals.

 

Headquartered in Cypress, California, DRS specialises in patient-centred and client-focused revenue cycle services. DRS works closely with healthcare providers to meet their needs throughout the accounts receivable cycle.

 

In a data breach notice filed with the Office of Maine Attorney General, DRS said that on January 22, it detected suspicious activity in its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to secure the affected network and notified law enforcement agencies.

 

“As a result of the investigation, DRSI learned that an unauthorised actor accessed certain files and data stored within our network,” the company said.

 

The compromised data included patients’ names, dates of birth, addresses, employer names, telephone numbers, email addresses, Social Security numbers, and payment-related information. For patients, the compromised data also included dates of service, provider names, clinic locations, service descriptions, medical record numbers, internal patient identification numbers, and diagnosis codes.

 

DRS has confirmed that its clients’ financial information, including credit card data, wasn’t compromised as a result of the incident. It also informed the Maine state regulator that the cyber security incident impacted at least 585,035 individuals.

 

“Upon detecting this incident, we deployed additional monitoring tools and will continue to enhance the security of our systems,” DRS added.

 

While DRS found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.