CONGRESS is learning months later that RXNT, a healthcare software contractor used by the Office of the Attending Physician, was breached on 1 March and 3 March, with hackers obtaining copies of patient data stored within the platform. The compromised data includes names, birth dates, home addresses, prescription information, physician names and pharmacy information, while broader medical records, Social Security numbers, insurance information and financial data were not affected, according to the article.
The contractor notified the government on the final day allowed under federal health privacy law. The breach was reported as unfolding before lawmakers became aware, with the breach referenced as a matter of concern for Congress. According to the piece, the breach occurred more than two months before the notice, and the information comes via coverage linked to Politico and HIPAA Journal.
The Office of the Attending Physician confirmed the scope as described, and the article notes that the notification to government occurred within the legally permitted window.