270,000 Patients Potentially Affected by Med Associates Hacking Incident
The Latham, NY-based health billing company Med Associates, which provides claims services to more than 70 healthcare providers, has discovered an employee’s computer has been accessed by an unauthorized individual. It is possible that the attacker gained access to the protected health information of up to 276,057 patients through the compromised device.
Unusual activity was identified on an employee’s computer on March 22, 2018, prompting an investigation by the IT department. Further investigation by a third-party computer forensics firm confirmed that the computer had been remotely accessed by an unauthorized individual.
The investigation confirmed that the breach occurred on the same day that the unusual activity was detected. Upon learning of the breach, access to the computer was terminated.
Med Associates and the computer forensics firm did not uncover any evidence to suggest that any information accessible through the computer was accessed by the hacker and neither have any reports been received to suggest any PHI has been misused. All patients impacted by the breach have now been notified and have been offered one year of credit monitoring and identity theft protection services without charge.
The majority of individuals impacted by the breach reside in the Capital Region, although approximately 1,700 individuals in Massachusetts, Florida, and Vermont have also been affected.
Most of the patients affected, the breach was limited to names, addresses, dates of birth, health insurance information, dates of service, and diagnosis and procedure codes, although a small number of Social Security numbers were also accessible through the computer.
According to TimesUnion, Med Associates sent a breach report to the Department of Health and Human Services’ Office for Civil Rights on June 14, 2018.