An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.
The breach is the latest in a long and growing list of major health data security incidents reported to regulators in 2022 involving vendors and sometimes very complicated third-party relationships.
Avem Health Partners – itself a third-party provider of IT services to healthcare entities – in a breach report filed on Dec. 13 to the state of Maine’s attorney general’s office – says that patient information stored on servers of one of its vendors was subject to unauthorized access in an external hacking incident in May.
Avem, in a breach notification statement posted on its website, says “it was notified of a data security incident experienced by 365 Data Centers, a data storage vendor used by a third-party service provider engaged by Avem.”
