3,775 Patients Informed of Unauthorized Access to a New York Physician’s Computer

Ruben U. Carvajal, MD, a doctor in New York, has started informing his patients that unauthorized individuals possibly viewed their protected health information (PHI). Dr Carvajal learned about the potential health data breach on January 3, 2018 upon receiving advice that the PHI of a number of his patients had been viewable on the internet. The breach was reported to the New York Police Department and the Federal Bureau of Investigation (FBI).

FBI investigators went to Dr. Carvajal’s office and examined the computer. It was confirmed on February 18, 2018 that an unauthorized person viewed the EMR software on his PC. A computer forensics expert meticulously investigated the nature and scope of the data breach. It was found that the unauthorized individual had viewed the doctor’s computer from December 16, 2017 to January 3, 2018 and potentially gained access to the EHR system, although that could not be confirmed.

The data stored on the doctor’s computer that was potentially viewed included the names of patients, addresses, dates of birth, health histories, diagnoses, treatment details, laboratory test results, prescription drugs, medical insurance details, insurance claims information, Medicare and Medicaid ID numbers, and in some cases, Social Security numbers.

Patients were mailed breach notification letters on July 17, 2018. Dr. Carvajal offered his patients credit monitoring and identity theft protection services at no charge. The physician has already taken action to improve security to prevent any further data breaches in the future. As per the data breach report submitted to the Department of Health and Human Servicesโ€™ Office for Civil Rights, 3,775 patients were affected by the breach.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/