HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

270,000 Patients Potentially Affected by Med Associates Hacking Incident

The Latham, NY-based health billing company Med Associates, which provides claims services to more than 70 healthcare providers, has discovered an employee’s computer has been accessed by an unauthorized individual. It is possible that the attacker gained access to the protected health information of up to 276,057 patients through the compromised device.

Unusual activity was identified on an employee’s computer on March 22, 2018, prompting an investigation by the IT department. Further investigation by a third-party computer forensics firm confirmed that the computer had been remotely accessed by an unauthorized individual.

The investigation confirmed that the breach occurred on the same day that the unusual activity was detected. Upon learning of the breach, access to the computer was terminated.

Med Associates and the computer forensics firm did not uncover any evidence to suggest that any information accessible through the computer was accessed by the hacker and neither have any reports been received to suggest any PHI has been misused. All patients impacted by the breach have now been notified and have been offered one year of credit monitoring and identity theft protection services without charge.

Please see the HIPAA Journal Privacy Policy

The majority of individuals impacted by the breach reside in the Capital Region, although approximately 1,700 individuals in Massachusetts, Florida, and Vermont have also been affected.

Most of the patients affected, the breach was limited to names, addresses, dates of birth, health insurance information, dates of service, and diagnosis and procedure codes, although a small number of Social Security numbers were also accessible through the computer.

According to TimesUnion, Med Associates sent a breach report to the Department of Health and Human Services’ Office for Civil Rights on June 14, 2018.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.