270K Patients' Medical, Insurance Data Compromised

Med Associates said it’s boosting its data security protocols.

A healthcare billing firm called Med Associates suffered a data breach this past spring that could have exposed the health and personal information of as many as 270,000 patients, according to a press release from the upstate New York company and published reports.

>> READ: 5 Data Breaches That Show How Cybersecurity Must Evolve

On March 22, Med Associates learned of “unusual activity” at an employee’s workstation, which prompted an investigation alongside its information-technology contractor and a “leading” third-party forensics firm, according to the press release. They found that an “unauthorized party” accessed the workstation and might have accessed records containing patient names, dates of birth, dates of service, diagnostic codes, procedural codes, and insurance data such as identification numbers, according to Med Associates, which has been in business for 30 years.

The Albany Times-Union reported that the intruder had access to the records of 270,000 people. But Med Associates noted that the affected data didn’t include banking or credit card details, and the company isn’t “aware of any misuse” of protected health information or personal data.

“The privacy and security of information in our possession is one of our highest priorities,” the company said in a statement. “Upon learning of this incident, we immediately secured the impacted workstation, implemented even more stringent information-security standards, and have increased staff training on data privacy and security.”

Med Associates began sending letters to affected patients early this month, and news of the data breach didn’t surface until last week. It has contacted the HHS Office of Civil Rights, which oversees data-privacy incidents in healthcare and maintains a list of breach information.

The organization is reportedly offering a year of free credit monitoring to patients whose data were exposed in the breach. Individuals may call 855-206-9883, between 8 a.m. and 4 p.m. Monday through Friday, to find out whether their information was revealed or to ask any other questions.

Data Breaches, of course, have become a major concern for healthcare in recent years. Every month, Healthcare Analytics News™ publishes a list of incidents and the total number of patients affected, a tally that regularly comprises hundreds of thousands of individuals.

Part of the problem is that medical information sells for a high price on the dark web. Healthcare employees, meanwhile, sometimes take part in inside data-theft jobs and place patient data at risk in other ways. Cybersecurity teams also have a hard time keeping up with the growing demands and limited resources placed on their shoulders, especially as the nature of the cyberthreat evolves.

But there are ways to better protect data and combat cyberattacks. One crucial component? Plan ahead.

Get the best insights in healthcare analytics directly to your inbox.

Related

What to Do Before and After a Data Breach

Learning from Chesapeake Regional Healthcare’s Hard Drive Data Breach

Vulnerabilities Are Surging, and Healthcare Cybersecurity Might Struggle to Keep Up