Unauthorized Access to Internal Computer Network at Connexin Software, Inc.
Connexin Software, Inc. (Connexin), a provider of electronic medical records and practice management software, billing services, and business analytic tools to Gold Pediatrics PA (“Gold Pediatrics”), is providing notice that an unauthorized third party was able to gain access to an internal computer network belonging to Connexin. As a result, some of the Gold Pediatrics’ patient data could have been accessed or disclosed to an unauthorized third party. The live electronic medical record was not accessed and the incident did not affect any Gold Pediatrics’ systems, databases, or medical records systems.
On August 26, 2022, Connexin detected a data anomaly on their internal network. They immediately launched an investigation and engaged third-party forensic experts to determine the nature and scope of the incident. On September 13, 2022, they learned that an unauthorized party was able to access an offline set of patient data used for data conversion and troubleshooting. Some of that data was removed by the unauthorized party. The live electronic record system was not accessed in this incident, and the incident did not involve any Gold Pediatrics’ systems, databases, or medical records systems. Connexin is not aware of any actual or attempted misuse of personal information as a result of this event.
The patient information may have included: (1) patient demographic information (such as patient name, guarantor name, parent/guardian name, address, email address, and date of birth); (2) Social Security Numbers (“SSNs”), (3) health insurance information (payer name, payer contract dates, policy information including type and deductible amount and subscriber number); (4) medical and/or treatment information (dates of service, location, services requested or procedures performed, diagnosis, prescription information, physician names, and Medical Record Numbers); and (5) billing and/or claims information (invoices, submitted claims and appeals, and patient account identifiers used by your provider). Please note that not all data fields may have been involved for all individuals. Information of a parent, guardian, or guarantor may also have been impacted by the incident.
Data security is very important to Gold Pediatrics and Connexin. As soon as Connexin discovered the incident, they immediately took action to stop the unauthorized activity. This included a password reset of all corporate accounts and moving all patient data used for data conversion and troubleshooting into an environment with even greater security. Connexin also retained a third-party cybersecurity forensic firm to investigate the issue and is working with law enforcement to investigate the incident. In response to this incident, Connexin enhanced its security and monitoring as well as further hardened its systems as appropriate to minimize the risk of any similar incident in the future.
If your child’s SSN was impacted, Connexin arranged to offer your child identity monitoring services for a period of one year, at no cost to you, through Kroll (Connexin’s third party vendor). You have 6 months from the date of your notice letter to activate these services, and instructions on how to activate these services are included in your notice letter.
Individuals who may have been impacted by this event are being mailed notices.
If you have any questions about this matter or would like additional information, please call toll-free 855-532-0912. This call center is open from 8:00am – 5:30pm CT, Monday through Friday, excluding some U.S. holidays.
We sincerely regret and apologize that this incident occurred.