Med Associates in Latham, NY is a health billing company that provides claims services to over 70 healthcare providers. The company discovered that an unauthorized person accessed the computer of one of its employees. The attacker could have gained access to the protected health information (PHI) of about 270,000 patients via the compromised computer.
On March 22, 2018, unusual activity was identified on the employee’s computer. The IT department, assisted by a third-party computer forensics company, investigated and verified that an unauthorized person remotely accessed the computer. The investigating team discovered the data breach happened on the same day that the unusual activity was identified. Upon finding out about the breach, Med Associates terminated access to the computer.
Med Associates, along with the computer forensics company, did not find any proof to indicate PHI was viewed by the hacker. No reports have since been received to suggest there has been any misuse of PHI. All patients affected by the data breach have now been notified of the potential exposure of their PHI and have been given 12 months of free credit monitoring and identity theft protection services.
Nearly all patients affected by the breach live in the Capital Region, although approximately 1,700 persons residing in Massachusetts, Vermont or Florida have were also affected. The majority of patients had limited PHI compromised including names, birth dates, addresses, medical insurance details, dates of service, procedure codes, and diagnoses. A few patients’ Social Security numbers were likewise compromised in the breach.
TimesUnion reported that Med Associates submitted its breach notification report to the Department of Health and Human Services’ Office for Civil Rights on June 14, 2018.