March 8, 2018
St. Peter’s Surgery & Endoscopy Center in New York has been struck by a malware infection which might have let hackers to access medical files of up to 135,000 patients.
This is the second largest healthcare data breach of 2018, thus far, and the biggest to be suffered in New York State since the 3,466,120-record files breach at Newkirk Products, Inc. in August 2016.
The data violation at St. Peter’s Surgery & Endoscopy Center was seen on January 8, 2018: The same day as hackers got access to its server. The swift finding of the malware limited the time the hackers had access to the server and probably avoided patients’ data from being viewed or copied. Nevertheless, while no proof of data access or data theft was found, it was not possible to remove either out with a high level of confidence.
In the alternate branch notice circulated, St. Peter’s Surgery & Endoscopy Center states the servers it uses are distinct from St. Peter’s Hospital and Albany Gastroenterology Consultants. PHI saved by those medical centers was not undermined because of the malware contagion. Only patients who have earlier visited St. Peter’s Surgery & Endoscopy Center for medical cure have probably been affected. Letters to affected patients were delivered on February 28, 2018 and the occurrence has been made known to the HHS’ OCR.
The information probably accessed/copied was limited to patients’ names, procedure codes, dates of service, diagnosis codes, dates of birth, addresses, and insurance data. Some patients also had Medicare information accessed. Patients without Medicare didn’t have their social security details disclosed and no patients’ banking or credit/debit card numbers were accessed.
Patients whose Medicare data was disclosed have been offered 12 months of credit checking and identity theft safety facilities for free “out of an abundance of caution” and all patients have been informed to verify their health insurance statements cautiously for any indication of fake use of their data.
No details have been issued on the precise nature of the safety breach, such as how the hackers got access to the server to upload malware. St. Peter’s Surgery & Endoscopy Center said actions are being taken to increase safety, which includes additional staff teaching. The buying of more – and more stylish – anti-virus and anti-malware solutions are also being taken into consideration.