CentroMed, a healthcare provider in San Antonio, TX, has disclosed its second cyberattack in a year, confirming a breach that compromised the personal information of patients. The incident, revealed on CentroMed’s website, occurred when unusual activity was detected within its IT network on May 1, 2024. An investigation found that an unidentified third party gained access to the network on April 30, 2024, and accessed files containing the protected health information (PHI) of current and former patients.
The compromised data included patient names, addresses, dates of birth, Social Security numbers, financial account information, medical record numbers, health insurance details, and diagnosis and treatment information. Despite the breach, CentroMed has not disclosed the number of affected individuals, and the incident has not yet appeared on the OCR data breach portal or the Texas Attorney General’s website.
CentroMed promptly initiated steps to secure its networks and data, along with implementing additional safeguards and technical security measures to protect and monitor its systems. Affected patients have been advised to scrutinize their statements, report any unrecognized services to their healthcare provider, and monitor their financial accounts for unusual activity. However, there is no mention in the notification letters of credit monitoring or identity theft protection services being offered to affected individuals.
