MedEvolve, an Arkansas-based practice management software provider, revealed a healthcare data breach exposed the information of more than 200,000 patients.
In a July 10 release, MedEvolve, which provides practice management software to physicians and health facilities, said it is notifying Premier patients that their personal information may have been exposed in the breach.
MedEvolve said it discovered on or about May 11 that an FTP server containing a file with information about Premier patients was inadvertently accessible on the internet. The company said the file was placed on the server as part of an isolated data transfer event.
An investigation determined that the file was accessible on the internet from March 29 to May 4 and that one file was subject to unauthorized access on March 29.
MedEvolve said it is mailing letters to impacted patients and will provide them with two years of credit monitoring. The company said it is also informing the Department of Health and Human Services of the breach, as well as required state regulators.
While healthcare data breaches continued to climb in 2017, the number of affected patient records declined 80% last year as the industry managed to avoid a large-scale attack.