On Sept. 8, the medical center discovered suspicious activity on one of its servers, blocking possible attempts by an unauthorized user to download information, NewYork-Presbyterian said in the Nov. 11 notice.
While reviewing the incident, NewYork-Presbyterian discovered a hacker had used a cloud-based, remote IT customer support program to access several employee laptops, copying and removing desktop files from some of them.
While the hacker did not access the medical center’s patient portal, one of the compromised devices contained the protected health information of certain patients of NewYork-Presbyterian/Queens and NewYork-Presbyterian/Hudson Valley. The data may have included first and last names, addresses, payer authorizations, medical record numbers and examination results.
NewYork-Presbyterian said it has taken steps to prevent this type of incident from happening in the future, including suspending the accounts used for the technical assistance program and terminating the service.
