Pediatric Center Software Provider Reports Breach Affecting 2.2M

Connexin Software Inc., a company that supplies pediatric physician practice groups with electronic medical records and practice management software, recently acknowledged that it had been the target of a cyberattack in which an unauthorized third party had gained access to its internal computer network. On August 26, 2022, a data anomaly was discovered within Connexin Software’s network, prompting an immediate investigation into the unusual activity. The investigation was conducted in collaboration with a third-party forensic team in order to identify the nature and extent of the attack. In addition, Connexin reset all passwords for corporate accounts to limit the damage caused by the breach. 

The investigation concluded that the attackers had gained access to various parts of the network that contained the personally identifiable information of the company’s clients. However, Connexin Software noted that the threat actors did not have access to its electronic medical record system, along with their client’s databases, systems, and medical records. The breach report was submitted by Connexin Software to the Department of Health and Human Services’ Office for Civil Rights, declaring the breach as affecting over 2.2 million patients. A substitute breach notification that was subsequently released specified that 119 pediatric healthcare providers had their information disclosed. Practices who were affected by the breach include ABC Pediatrics Practice, Orland Children’s Center Inc., San Marino Pediatric Associates, Angel Kids Pediatrics, Arlington Pediatric Partners, Pediatric Associates of Lawrenceville and the Pediatric Health Center of El Paso. 

Connexin Software later transferred all the offline data that was previously utilized for data conversion and troubleshooting to a more secure part of the network and bolstered their security and surveillance to ensure a disclosure of this nature does not occur again. Child identity monitoring services have been made available for a full year in circumstances when a child’s Social Security number has been compromised or stolen. Children’s protected health information is particularly useful to cybercriminals because it can frequently be used inappropriately over extended periods of time before such exploitation is discovered. The victims of this breach have been encouraged to closely monitor credit reports and provider statements for indications of misconduct.