HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack on New York Billing Company Affects 942K Individuals

Practice Resources, a Syracuse, NY, provider of billing and other professional services, has suffered a data breach involving the records of 942,138 individuals.

According to the breach notification sent to the California Attorney General, Practice Resources was the victim of a ransomware attack on April 12, 2022. Assisted by third-party digital forensics experts, Practice Resources determined that there had been unauthorized access to parts of the network where the protected health information of its clients was stored and the attackers may have infiltrated that information prior to file encryption.

A review of the documents potentially affected by the attack confirmed they contained information such as names, addresses, dates of treatment, health plan numbers, and medical record numbers. Practice Resources has offered affected individuals a complimentary membership to an identity theft protection and credit monitoring service.

Practice Resources said it has issued notification letters to affected individuals on behalf of 28 clients that were affected by the data breach.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

  • Achieve Physical Therapy, PC
  • CNY Obstetrics and Gynecology, P.C.
  • Community Memorial Hospital, Inc
  • Crouse Health Hospital, Inc
  • Crouse Medical Practice PLLC
  • Family Care Medical Group, PC
  • Fitness Forum Physical Therapy, PC
  • FLH Medical PC
  • Greece Dermatological Associates, PC
  • Guidone Physical Therapy, PC
  • Hamilton Orthopedic Surgery & Sports Medicine
  • Helendale Dermatological and Medical Spa, PLLC
  • Kudos Medical, PLLC
  • Laboratory Alliance of Central New York, LLC
  • Liverpool Physical Therapy, PC
  • Michael J Paciorek, MD PC
  • Nephrology Associates of Watertown, PC
  • Nephrology Hypertension Associates of CNY, PC
  • Orthopedics East, PC
  • Salvation Army
  • Soldiers & Sailors Memorial Hospital—Physician Practices
  • Joseph’s Medical
  • Surgical Care West, PLLC
  • Syracuse Endoscopy Associates, LLC
  • Syracuse Gastroenterological Associates, PC
  • Syracuse Pediatrics
  • Tully Physical Therapy
  • Upstate Community Medical, PC

Valley Baptist Medical Center Systems Hacked

Brownsville, TX-based Valley Baptist Medical Center has recently started notifying certain patients that some of their protected health information has been exposed and potentially stolen. On June 14, 2022, Valley Baptist determined that an unauthorized third party had gained access to a computer system. The forensic investigation determined that unauthorized access occurred between March 31 and April 24, 2022.

When the breach was detected, user access to systems was suspended, cybersecurity protocols were implemented, and steps were taken to prevent further unauthorized access. The forensic investigation determined that patient information was potentially affected, including names, contact information, dates of birth, health insurance information, dates of service, patient account numbers, medical record numbers, medications, diagnosis information, provider and facility names, and visit information. Valley Baptist said patients of its Brownsville and Harlingen medical centers were affected.

The data breach has been reported to the HHS’ Office for Civil Rights as affecting 18,633 patients: 11,137 patients of Valley Baptist Medical Center – Harlingen, and 7,496 patients of Valley Baptist Medical Center – Brownsville.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.