July 4, 2018
Med Associates the health billing firm, situated in Latham, NY-based, which provides claims facilities to more than 70 healthcare suppliers, has found that a worker’s computer has been logged onto by an illegal person.
It is possible that the hacker got to the protected health information of up to 270,000 customers through the compromised appliance.
Abnormal activity was seen on a staff member’s computer on March 22, 2018, resulting in an inquiry by the Information Technology division. A more thorough inquiry by a third-party computer forensics company verified that the machine had been distantly retrieved by an illegal person.
The inquiry disclosed that the HIPAA violation happened on the same day that the strange activity was seen. After detecting the breach, access to the computer was disabled.
Med Associates and the computer forensic company did not find any proof to indicate that any information accessible by way of the computer was retrieved by the hacker and neither have any reports been submitted to indicate any protected health information has been wrongly used. All patients affected by the breach have now been contacted and have been offered one year of credit checking and identity thievery protection facilities for free of charge.
The majority of people affected by the breach reside in the Capital Region, even though roughly speaking 1,700 people in Massachusetts, Florida, and Vermont have also been impacted.
With the majority the patients impacted, the breach was limited to names, dates of service, health insurance information, dates of birth, addresses, and diagnosis and procedure codes, even though a small number of Social Security numbers were also available through the machine.
As reported in TimesUnion, Med Associates presented a breach information to the Division of Health and Human Services’ Office for Civil Rights (OCR) on June 14, 2018.