Patient records on insurance claims were accessed on a cloud-based backup service, according to the software provider.
The breach exposed records of public agencies in California, Kansas and Utah. The data included police injury reports, drug tests, detailed doctor visit notes and Social Security numbers.
A statement from Systema Software indicated that, “a single individual gained unapproved access into our data storage system.”
According to Systema, a Texas-based techie named Chris Vickery reported the exposed records and turned over to authorities the hard drive on which the records from Systema Software were recorded.
“The Texas attorney general has secured the hard drive and, as an added measure of protection, this individual has provided written confirmation to the (AG) that he has not shared or used the data inappropriately,” Systema said. “We have no indication that any data has been used inappropriately or accessed by anyone outside of this one individual, and presently do not believe there is a need for credit monitoring or identify theft services as they relate to this issue.”
Systema said it is launching a comprehensive internal review to identify the scope of the event and to take necessary remediation measures.
Systema, Larkspur, Calif., is a developer of Web-based claims management software for organizations handling workers' compensation, automobile, liability and property claims.
The breach affected a half-dozen companies and organizations, including CSAC Excess Insurance Authority, a California “member-directed insurance risk-sharing pool,” the Kansas State Self-Insurance Fund and Salt Lake County, Utah.
A statement from the Salt Lake County office said it is conducting a thorough review of its data security oversight procedures to ensure their third-party vendors have the proper security measures in place.