Email Breach Affects 22,000 Ambulatory Surgery Center of Westchester Patients
The Mount Kisco Surgery Center, doing business as the Ambulatory Surgery Center of Westchester in New York, has recently notified 22,139 patients that some of their HIPAA protected health information has been exposed and potentially stolen.
Suspicious activity was detected in an employee’s email account on November 3, 2023, and after securing the account, a forensic investigation was launched to determine the nature and scope of the activity. The investigation confirmed that the unauthorized third party had access to the account from October 23, 2023, to November 3, 2023, and that the account contained patient data.
A comprehensive review was then initiated to determine the individuals affected and the types of data involved. That process was completed on May 30, 2024, and then address information was verified. The affected individuals were notified by mail on June 26, 2024. The types of data involved varied from patient to patient and included names in combination with one or more of the following: Social Security number, driver’s license number, state identification number, date of birth, medical information, including diagnosis information, treatment information, and prescription information, and health insurance information, including claim information and health insurance number.
At the time of issuing notifications, no reports had been received to suggest there had been any misuse of patient data. Mount Kisco Surgery Center said it has enhanced network security to prevent similar breaches in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Mobile Medical Response Warns Patients About PHI Breach
Mobile Medical Response, a Michigan-based provider of medical transportation and ambulance services, has announced that there has been an impermissible disclosure of patient information at one of its business associates. Mobile Medical Response contracted with CBM Services to provide collections services. CMB Services had issued a check to Mobile Medical Response, which an unauthorized individual attempted to cash.
When checks are issued to Mobile Medical Response by CMB Services, they are accompanied by a statement of accounts that includes the names of individuals to whom the payments relate. The statements include names, identify individuals as having received transportation services from Mobile Medical Response, and potentially include other information.
Mobile Medical Response has confirmed that addresses, dates of birth, Social Security numbers, driver’s license/state identification numbers, financial account information, payment card information, patient record information, medical diagnosis/condition information, medical treatment information, and health insurance information were not impermissibly disclosed.
Mobile Medical Response is currently investigating the incident to determine the full name, scope, and impact of the event. In the meantime, the breach has been reported as affecting 500 individuals. The total will be updated when the investigation has been completed.
