By HFT Staff

Pioneer Valley Ophthalmic Consultants (PVOC) in Holyoke, Massachusetts, has recently notified 36,275 patients that some of their protected health information has been exposed and potentially stolen in two security incidents at third-party vendors, Alta Medical Management and ECL Group, LLC, which provide billing and accounting services. 

According to the May 22, 2023, breach notice, the incidents occurred in 2021. PVOC discovered on March 3, 2022, that malware had been installed on the servers of the vendors between November 13, 2021, and November 15, 2021. On May 11, 2022, PVOC learned that Alta’s online patient portal was vulnerable to unauthorized access to payment receipts until October 26, 2021. 

The information potentially compromised as a result of the malware incident included names, addresses, Social Security Numbers, payment card information and medical records. The unsecured patient portal allowed unauthorized access to names, email addresses, transaction dates and times, transaction ID numbers, statement numbers, the last four digits of payment cards/account numbers and any information entered into the comments field of the portal. 

PVOC said it is unaware of any actual or attempted misuse of the exposed information. Monitoring has been stepped up in response to the breaches and additional technical resources and security personnel have been onboarded. Affected individuals have been offered complimentary credit monitoring services.