Unauthorized Computer Access
Unauthorized Access to Internal Computer Network at Connexin Software, Inc.
Connexin Software, Inc. (Connexin), a provider of electronic medical records and practice management software, billing services, and business analytic tools to pediatric physician practice groups, is providing notice that an unauthorized third party was able to gain access to an internal computer network. The live electronic medical record was not accessed and the incident did not affect any pediatric practice groups’ systems, databases, or medical records system at all.
On August 26, 2022, Connexin detected a data anomaly on our internal network. We immediately launched an investigation and engaged third-party forensic experts to determine the nature and scope of the incident. On September 13, 2022, we learned that an unauthorized party was able to access an offline set of patient data used for data conversion and troubleshooting. Some of that data was removed by the unauthorized party. The live electronic record system was not accessed in this incident, and the incident did not involve any physician practice group’s systems, databases, or medical records system at all. Connexin is not aware of any actual or attempted misuse of personal information as a result of this event.
The patient information may have included: (1) patient demographic information (such as patient name, guarantor name, parent/guardian name, address, email address, and date of birth); (2) Social Security Numbers (“SSNs”), (3) health insurance information (payer name, payer contract dates, policy information including type and deductible amount and subscriber number); (4) medical and/or treatment information (dates of service, location, services requested or procedures performed, diagnosis, prescription information, physician names, and Medical Record Numbers); and (5) billing and/or claims information (invoices, submitted claims and appeals, and patient account identifiers used by your provider). Please note that not all data fields may have been involved for all individuals. Information of a parent, guardian, or guarantor may also have been impacted by the incident.
Data security is very important to us. As soon as we discovered the incident, we immediately took action to stop the unauthorized activity. This included a password reset of all corporate accounts and moving all patient data used for data conversion and troubleshooting into an environment with even greater security. Connexin also retained a third-party cybersecurity forensic firm to investigate the issue and is working with law enforcement to investigate the incident. In response to this incident, Connexin has enhanced its security and monitoring as well as further hardened its systems as appropriate to minimize the risk of any similar incident in the future.
The enclosed Reference Guide includes additional information on general steps you can take to monitor and protect your child’s personal information. We encourage you to carefully review credit reports and statements sent from providers as well as your insurance company to ensure that all account activity is valid; any questionable charges should be promptly reported to the provider’s billing office, or for insurance statements, to your insurance company.
If your child’s SSN was impacted, Connexin has arranged to offer your child identity monitoring services for a period of one year, at no cost to you, through Kroll (our third party vendor). You have 6 months from the date of your notice letter to activate these services, and instructions on how to activate these services are included in your notice letter.
Individuals who may have been impacted by this event are being mailed notices. Since it is possible there may be insufficient or out-of-date contact information for some individuals whose information was impacted, this notice is also accessible via Connexin’s website at https://www.officepracticum.com/substitute-notice/ and the affected physician practice groups’ websites, consistent with HIPAA.
If you have any questions about this matter or would like additional information, please refer to the enclosed Reference Guide, or call toll-free 855-532-0912. This call center is open from 8:00am – 5:30pm CT, Monday through Friday, excluding some U.S. holidays.
We sincerely regret and apologize that this incident occurred. Connexin takes the security of personal information seriously, and we will continue to work diligently to protect the information entrusted to us.