The Center for Autism and Attention Deficit Disorder (“CARD”) suffers a data breach after a vendor error caused a HIPAA violation
The Center for Autism and Attention Deficit Disorder (“CARD”) experienced a data breach on January 24 when “as part of a recent update to its patient billing systems, the third-party vendor responsible for generating patients and invoices incorrectly made a computer error that resulted in certain therapists being invoiced for services for a patient unrelated”.
The number of affected patients was not disclosed, but CARD reports that the problem was limited to the January 2023 billing statements for patient cost-sharing amounts.
The type of information involved reportedly included patient name, internal CARD reference number and payment history (insurance payments, patient payments, adjustments, account balance).
No credit card, debit card or bank details were disclosed. Also, no identifying personal data such as social security number, address, telephone number or e-mail address was disclosed.