Patient Treatment Centers of America (PTCOA) and the Interventional Surgery Institute (ISI) are notifying over 19,000 patients of a security breach suffered by third party vendor Bizmatics.

Bizmatics owns and operates PrognoCIS, an electronic health record and practice management tool used by PTCOA to store and organize patient medical files.

“Bizmatics recently informed us that a malicious hacker attacked Bizmatics’ data servers, which resulted in unauthorized access to Bizmatics customers’ records, ours included,” according to the HIPAA Security Notification. “The PrognoCIS tool stores and organizes patient files, so the information that was potentially compromised is the medical record we maintain on you as a patient, such as health visit information, name, address, health insurance information, driver’s license number or other ID and, in some cases, a Social Security number.”

PTCOA reported that Bizmatics became aware of the incident in late 2015, and while the exact date of the breach is unknown, Bizmatics believes that it began in early 2015.

“We have no reason to believe that our patient files were the target of the hackers’ attack on Bizmatics,” wrote HIPAA. “Due to the nature of the attack, Bizmatics cannot say for certain that PTCOA’s patient files were among the data that was accessed or acquired by the hacker.”

All PTCOA/ISI patients affected by the breach have been notified and offered credit monitoring and identity theft recovery services with Experian for a period of one year without charge.