Concord (N.H.) Orthopaedic has notified individuals of a security incident affecting its patient check-in and appointment scheduling software.
On Nov. 21, Concord Orthopaedic was notified by a third-party vendor that the software was potentially accessed by an unauthorized actor. The clinic shut down all access and reset passwords for the software, according to a March 25 news release from the practice.
Through an investigation, Concord Orthopaedic found that the unauthorized actor accessed the software and potentially viewed or viewed patient registration and appointment intake stored on the software.
Information that may have been involved includes names, dates of birth, Social Security numbers, appointment information, health insurance information and driver’s license or state identification numbers.
The clinic determined that its internal environment and EHR system, which is hosted in a separate application, was not affected.
