A hacking attack at a New York-based outpatient center might have breached the medical records of approximately 135,000 patients.
The incident occurred on 8 January 2018 when St. Peter’s Surgery & Endoscopy Center (the “Center”) discovered that an unauthorized party had gained access to its servers.
According to a statement published on its website, the Center found no evidence that the responsible individuals had gained access to patients’ information. But it couldn’t definitely rule out the possibility that the bad actors viewed patients’ personal and medical information including their names, dates of birth, addresses, diagnosis codes, insurance information, and Medicare details.
A portal maintained by the U.S. Department of Health and Human Services places the total number of potentially affected individuals at 134,512.
The Center doesn’t believe that a breach of non-Medicare patients’ Social Security Numbers or any patients’ financial information occurred. Nor has it detected any indication of the incident affecting St. Peter’s Hospital, of which it is an outpatient surgery center, or other affiliated healthcare organizations including Albany Gastroenterology Consultants.
Officials at St. Peter’s have apologized for the attack:
We deeply regret any concern or inconvenience this may cause our patients. To help prevent the possibility of future computer security incidents, we are implementing even more stringent information security standards, increasing staff training, and investigating the purchase of additional and more elaborate anti-fraud and virus protection software.
Affected patients will receive a notification letter from the Center if they haven’t already. In the meantime, they should review their health insurer statements for suspicious activity and report any unknown transactions to their insurer immediately.
This attack marks the second largest breach to hit New York State since Newkirk Products Inc., a provider of ID card and management services for several Blue Cross Blue Shield organizations, suffered a security incident involving 3.3 million individuals’ protected health information (PHI) in 2016.
To protect their patients’ data against criminal hackers (“crackers”), ransomware, and other threats, healthcare organizations everywhere should invest in solutions that can help monitor their networks for suspicious activity. Learn how Tripwire can help in this regard by clicking here.