HIPAAcraticRx - The Prescription for HIPAA Compliance

Upstate NY Health Hacking Incident Exposes Data of 25,000 Patients

July 15, 2019

 

A hacker gained access to an emailed discussion about upstate NY patients who missed a health screening, leading to a massive breach-of-data warning.

 

About 25,000 patients were on a “gap in care” spreadsheet, identified in a variety of ways. Some were named with their birth date, some had Social Security numbers, and some had a Medicare or health insurance number included.

 

All of them were exposed in the hack of an Adirondacks Accountable Care Organization email inbox. However, officials don’t know if the hacker actually looked at the spreadsheet. It was the only item in the email account with private data, said Gregory Daniels, chief compliance officer for the Adirondacks ACO. “There’s no way to know if anything was actually viewed,” he said.

Adirondacks ACO is a Plattsburgh-based agency that analyses health data for the entire region. All the Adirondack region’s hospitals and most medical groups use Adirondacks ACO for analytics, including those run by Adirondack Health, the University of Vermont Health Network, Glens Falls Hospital and Hudson Headwaters Health Network.

 

The agency started sending out 20,000 letters last week to notify each patient of the data breach, as reported by the Adirondack Daily Enterprise. On Friday, 5,000 more letters were sent out, and a few more remain.

 

The incident started with two employees discussing data about patients who missed a baby wellness exam and other screenings. It was part of a “population health” analysis. They were going to send the information to physicians in the network, who could decide how to contact their patients.

 

Then a hacker from outside the country accessed the email account. It was not a phishing attack, where an employee clicks on an email that appears to be legitimate but unintentionally opens a way for a hacker to access the system.

 

The email account was hacked between March 2 and 4, and was discovered by the Champlain Valley Physician’s Hospital in Plattsburgh on March 4. The account was held by an employee who worked for both the hospital and Adirondacks ACO.

 

Adirondacks ACO will pay for credit monitoring and identity protection for those whose Social Security numbers were included on the spreadsheet. To protect your business or practice, contact the HIPAA compliance experts at HIPAAcraticRx.

 

 
