Patient Data Compromised in Veradigm and ApolloMD Hacks

Vendor security risks continue to challenge healthcare providers. Veradigm (formerly Allscripts) and ApolloMD, both providers of practice and revenue cycle management software and services, are the latest to report hacking incidents to regulators, creating complications for providers and affecting patient care.
This week, Veradigm started informing regulators in multiple states about a hacking incident caused by a compromised customer credential.
In its breach notification, Veradigm stated that on July 1, it discovered unauthorized access to data belonging to some of its customers.
“Veradigm learned that following a data security incident targeting one of its customers, the unauthorized party used a credential obtained from that customer to access a Veradigm storage unit,” the company said.
The data affected by the Veradigm breach varies by individual and may include names, dates of birth, contact details, medical information (diagnoses and treatments), Social Security numbers, health insurance and payment information, and driver’s license numbers.
Veradigm said it retained cybersecurity experts “to conduct a thorough review of the impacted storage account and allocated significant resources to help ensure that the solutions Veradigm provides to its customers are secure.”
Atlanta-based ApolloMD Business Services announced in a breach notice that it has begun informing affiliated physician practices of a data security incident that may have involved unauthorized access to patient information.
The notice lists roughly a dozen affected practices, including Passaic Hospitalist Services, Pensacola Hospitalist Physicians, Broad River Physicians Group, Olive Branch Emergency Physicians, Aurora Emergency Physicians, Passaic River Physicians, The Bortolazzo Group, Methodist University Emergency Physicians, Trinity Emergency Physicians, Lorain Emergency Physicians, and Pennsylvania Hospitalist Group.
ApolloMD discovered the incident on May 22 after detecting unusual activity in its IT systems. The company engaged third-party experts to investigate and also reported the matter to law enforcement.