Data Breaches Announced by Central New York Cardiology & Park Place Pediatric Dentistry
Central New York Cardiology has experienced a cyberattack involving unauthorized access to patient data, and an unencrypted laptop computer has been stolen from an employee of Park Place Pediatric Dentistry in Texas.
Central New York Cardiology
Central New York Cardiology fell victim to a cyberattack in December 2024 in which hackers accessed its network and potentially viewed or obtained patient data. The forensic investigation confirmed that the hackers could access parts of its network from December 26, 2024, to December 30, 2024. The file review is ongoing, and at the time of the breach announcement, the total number of affected individuals had not been determined; however, Central New York Cardiology has confirmed that the information compromised in the incident likely included first and last names together with one or more of the following: address, date of birth, driver’s license number, Social Security number, diagnosis/condition, health insurance information, provider name, other treatment information, and/or financial account information.
Central New York Cardiology has implemented additional cybersecurity measures to prevent similar incidents in the future and is reviewing its policies and procedures related to data protection. Notification letters have started to be sent to the affected individuals. Currently, the HHS’ Office for Civil Rights breach portal has a placeholder of 500 affected individuals. The total will be updated when the file review has concluded.
Park Place Pediatric Dentistry
Children’s Dental Center at Preston Trail, P.C., doing business as Park Place Pediatric Dentistry in Arlington, TX, has notified 1,690 patients that their protected health information was stored on an unencrypted laptop computer that was stolen from an employee’s vehicle. Park Place Pediatric Dentistry was notified about the theft on December 11, 2024, and quickly engaged cybersecurity experts to assess and remediate the incident. The theft was also reported to law enforcement; however, the laptop computer has not been recovered.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The review of the laptop confirmed it contained protected health information such as names, patient account numbers, dates of birth, dates of service, medical treatment records, and financial information related to treatment. The team member concerned has been reeducated about mobile device security and efforts have been redoubled to ensure that all portable electronic devices containing patient data are encrypted. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.
