Hackers gain access to New York ACO email account, possibly exposing data of 25,000 patients

An unauthorized third party gained access to an employee's email account at a New York ACO that contained a spreadsheet of information for around 25,000 patients, according to The Post Star.

Plattsburgh, N.Y-based Adirondacks Accountable Care Organization has notified the hospitals and medical centers in its system. The data breach happened between March 2-4 when two employees were emailing back and forth about patients who had missed a baby wellness exam. The employees planned to email the spreadsheet to physicians as part of its "population health" analysis, reports The Post Star.

While the hacking incident was not a phishing attack, the ACO said it was unavoidable for employees. It is unclear if patients' information was viewed. On the spreadsheet, patients were identified by their names and birth dates, Social Security numbers or health insurance numbers.

The ACO sent out letters to 20,000 patients last week. On July 12, the agency mailed 5,000 more patients. Adirondacks ACO has offered patients free credit monitoring and identity protection. Patients are advised to review medical bills or explanation of benefits statements.

Editor's note: This article was updated July 16 to indicate the ACO is in New York. 

More articles on cybersecurity:
Phishing attack exposes nearly 15,000 LA County health patients' information
Hospital CFOs are stepping into cybersecurity roles
US warns against Microsoft Outlook vulnerability

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months