The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Debt Collection Agency Data Breach Affects Many Healthcare Providers

R&B Corporation of Virginia, doing business as Credit Control Corporation (CCC), has recently reported a data breach to the Maine Attorney General that has affected 286,699 individuals. CCC is a debt collection agency and business associate of many hospitals and doctor’s offices. The Newport News, VA-based debt collection agency said it detected suspicious activity within its computer systems on March 7, 2023. Its IT systems were immediately isolated, and a forensic investigation was conducted to determine the nature and scope of the activity. On or around March 14, 2023, CCC determined that unauthorized individuals had accessed its systems and copied files that contained sensitive data. The intrusion was determined to have occurred from March 2, 2023, to March 7, 2023.

An initial review of the compromised files was completed on May 3, 2023, which confirmed that the files contained information such as names, addresses, and Social Security numbers. Affected individuals were notified by mail on May 15, 2023. Complimentary credit monitoring services have been offered to affected individuals. CCC said it regularly reviews its data security policies, procedures, and practices and will continue to do so, has augmented its security safeguards to better protect patient data, and has increased the frequency of employee training on the importance of safeguarding data.

Healthcare providers known to have been affected by the breach include:

  • Atlantic Orthopaedic Specialists
  • Bayview Physicians Group
  • Chesapeake Radiology
  • Chesapeake Regional Medical Center
  • Children’s Hospital of the King’s Daughters Health System and its Affiliates
  • Children’s Specialty Group
  • Dominion Pathology Laboratories
  • Emergency Physicians of Tidewater
  • Mary Washington Healthcare
  • Medical Center Radiology
  • Pariser Dermatology Specialists, Inc
  • Riverside Health System
  • Sentara Health System
  • Tidewater Physicians Multispecialty Group
  • UVA Health System
  • Valley Health System
  • VCU Health System

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.


Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist