25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

New York State Psychiatric Institute Reports 22K-Record PHI Breach

Posted By on Aug 31, 2016

New York State Psychiatric Institute has reported that unauthorized individuals have gained access to parts of the institute’s computer system which was used to store the protected health information of 21,880 research participants.

The intrusion was detected on June 17, 2016, although the subsequent investigation revealed that the system was accessed by unauthorized individuals between April 28 and May 4, 2016.

New York State Psychiatric Institute has not been able to confirm whether sensitive data were actually viewed or copied by those individuals, although the possibility that protected health information was accessed could not be ruled out.

The compromised system contained a range of data on research participants, including names, addresses, telephone numbers, email addresses, dates of birth, Social Security numbers, driver’s license numbers, state ID numbers, county, school, and coded health information from questionnaires and interviews.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Access to the system has now been blocked and the New York State Office of Mental Health run psychiatric facility has brought in a leading external cybersecurity firm to conduct a full forensic analysis of its systems. Steps are also being taken to improve security to better protect data and prevent future security breaches from occurring.

The Department of Health and Human Services’ Office for Civil Rights was notified of the breach on August 15, 2016 and affected research participants have been sent breach notification letters alerting them to the exposure of their PHI. All individuals affected by the breach have been offered complimentary identity theft protection services with ID experts for a period of 12 months.

There have been 62 cases of hacking reported to the Office for Civil Rights so far in 2016, the largest of which was the hacking of 21st Century Oncology, which resulted in the exposure of 2.2 million records.

In 2016 alone, hackers have viewed or copied the protected health information of 10,857,944 individuals. That is four times as many healthcare records as all other types of healthcare data breaches combined. The remaining 125 healthcare data breaches (unauthorized access/disclosure, device loss, device theft, improper disposal) resulted in the exposure of 2,714,789 healthcare records.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist