Misconfigured Security Settings Result in 63,500 Middletown Medical Patients Having Their PHI Disclosed


A security setting that was not configured correctly on a radiology system has led to the exposure of the Protected Health Information (PHI) of tens of thousands of patients of Middletown Medical, a multi-specialty physicians’ group based in Middletown, NY. The breach was first noticed on January 29, 2018.

On January 30 the interface was reconfigured so that unauthorized individuals could no longer access patient information. The length of time that the information was accessible remains unclear. The organization has disclosed that only a limited number of patients’ PHI might have been downloaded by unauthorized individuals.

Highly confidential information, including Social Security details, financial data, and insurance information, was not copied. The breach involved information such as names, birth dates, client identification numbers, confirmation that patients had received radiology services, and the appointment details for those services. Additionally, a limited number of patients also had radiology images, diagnosis codes, and radiology reports copied.

The detection of the fault resulted in Middletown Medical revising its policies and procedures to apply new safeguards that ensure the confidentiality of documents containing PHI. Further training has been provided to employees on securing information systems, and changes have been made to interfaces to ensure all information remains secure.

There have been no reports of misuse of PHI. Nevertheless, as an additional precaution, all patients who might have been affected by the breach have been offered free identity theft recovery services for a period of 12 months and have been instructed to carefully review their account statements and Explanation of Benefits statements for any indication of fraudulent transactions.

The breach notice submitted to the Department of Health and Human Services’ Office for Civil Rights (OCR) indicated that 63,551 patients had their PHI breached, making this among the biggest healthcare security incidents in 2018.