Metro Infectious Disease Consultants

Metro Infectious Disease Consultants operates as a healthcare organization within the United States, specializing in the diagnosis, treatment, and management of infectious diseases. The organization serves patients requiring expert medical consultation for a range of infectious conditions, maintaining comprehensive personal health information as part of its standard care delivery. This includes the collection and storage of sensitive data such as names, contact details, dates of birth, insurance information, specific medical details, Social Security numbers, and driver’s license numbers, which is typical for a medical provider handling patient records and billing. Their work places them within the specialized sector of infectious disease medicine, a critical niche within the broader healthcare system that addresses complex and communicable illnesses. The nature of their services necessitates strict adherence to healthcare privacy regulations, including the protection of protected health information under laws such as HIPAA. The organization's operational model is centered on direct patient care and clinical consultation, requiring robust data management systems to support their medical practice.

A significant security incident occurred on June 24, 2021, when unauthorized third parties accessed certain employee email accounts, potentially compromising the personal information of 171,740 individuals. This event provides clear evidence of the substantial scale of the organization's patient population and the volume of sensitive data it handles. The organization's response to the incident included securing the affected accounts, engaging external forensic experts to investigate the breach, and implementing additional security measures to prevent future occurrences. Furthermore, Metro Infectious Disease Consultants fulfilled regulatory notification obligations by sending letters to all potentially impacted individuals and established a dedicated helpline to address inquiries. For those whose Social Security numbers or driver’s license numbers were potentially exposed, the organization offered complimentary credit monitoring services, demonstrating a standard approach to mitigating harm following a data breach involving highly sensitive personal identifiers. This incident and the subsequent actions highlight the organization's operational footprint and its established procedures for incident response and regulatory compliance within the U.S. healthcare landscape.