Med Associates Breach Potentially Affected 270,000 Patients

Med Associates in Latham, NY is a health billing company that provides claims services to over 70 healthcare providers. The company discovered that an unauthorized person accessed the computer of one of its employees. The attacker could have gained access to the protected health information (PHI) of about 270,000 patients via the compromised computer.

On March 22, 2018, unusual activity was identified on the employeeโ€™s computer. The IT department, assisted by a third-party computer forensics company, investigated and verified that an unauthorized person remotely accessed the computer. The investigating team discovered the data breach happened on the same day that the unusual activity was identified. Upon finding out about the breach, Med Associates terminated access to the computer.

Med Associates, along with the computer forensics company, did not find any proof to indicate PHI was viewed by the hacker. No reports have since been received to suggest there has been any misuse of PHI. All patients affected by the data breach have now been notified of the potential exposure of their PHI and have been given 12 months of free credit monitoring and identity theft protection services.

Nearly all patients affected by the breach live in the Capital Region, although approximately 1,700 persons residing in Massachusetts, Vermont or Florida have were also affected. The majority of patients had limited PHI compromised including names, birth dates, addresses, medical insurance details, dates of service, procedure codes, and diagnoses. A few patients’ Social Security numbers were likewise compromised in the breach.

TimesUnion reported that Med Associates submitted its breach notification report to the Department of Health and Human Servicesโ€™ Office for Civil Rights on June 14, 2018.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/