On June 20, 2023, Vincera Imaging, LLC, Vincera Rehab, LLC, Vincera Surgery, LLC, and Core Performance Physicians, collectively, “the Vincera Institute,” filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after learning that a recent ransomware attack compromised confidential patient information in the company’s possession. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, addresses, phone numbers, email addresses, dates of birth, medical history and treatment records, insurance information, as well as any other information provided to the Vincera Institute. After confirming that consumer data was leaked, Vincera began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from the Vincera Institute, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in related posts, healthcare providers have been in hackers’ crosshairs for the past several years, as hackers have learned that these organizations often possess vast amounts of confidential data. Hackers can then use any stolen data to commit identity theft or other frauds, or they can sell the information to other criminals on the Dark Web. Either way, victims of a data breach are at a significantly increased risk of fraud and should take all possible steps to protect themselves.
What We Know So Far About the Vincera Institute Breach
News of the Vincera Institute data breach is still fresh; however, what we know at this point comes from the company’s filing with the HHS-OCR. The Vincera Institute also issued a press release detailing the incident. According to these sources, Vincera recently learned about an April 29, 2023 ransomware attack targeting the company’s IT network. In response, Vincera secured its systems and then began working with a specialized team of cybersecurity experts to assist with its investigation.
The Vincera investigation confirmed that unauthorized actors were able to access portions of the company’s computer network. Vincera also determined that some of the files that were accessible to the unauthorized party contained confidential patient information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Vincera Institute began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, address, phone number, email address, date of birth, medical history and treatment records, insurance information, or any other information you provided to the Vincera Institute.
On June 20, 2023, Vincera Institute sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The Vincera data breach is listed under four entity names on the HHS-OCR data breach portal: Vincera Imaging, LLC, Vincera Rehab, LLC, Vincera Surgery, LLC, and Core Performance Physicians d/b/a Vincera Core Physicians.
More Information About Vincera Institute
Founded in 2013, the Vincera Institute is a sports medicine and healthcare provider located in Philadelphia, Pennsylvania. The Vincera Institute focuses primarily on issues relating to core muscle injuries, pelvic and abdominal pain, hip preservation, hernias, the back, sports injuries and neuropathic pain. The Vincera Institute employs fewer than 25 people and generates less than $5 million in annual revenue.