The company learned that an unauthorized third party had gained access to the employee’s email account from May 3-6. There is no evidence that the information stored in the email account has been misused.
Upon investigation, Northwood determined that patients’ protected health information had been exposed. Information found in the email account included names, addresses, dates of birth, provider names, dates of service, medical record numbers, patient ID numbers, diagnoses and diagnosis codes, medical device descriptions, treatment information, and health plan membership numbers. Northwell also disclosed that a small number of patients’ Social Security numbers, driver’s license numbers and health insurance provider names were also exposed.
Since the data breach, Northwood disabled the compromised email account. All employees were required to reset their passwords. Northwood also provided additional training to employees to help them identify email threats.
More articles on cybersecurity:
Cancer Treatment Centers of America alerts 3,900 patients of data breach
Texas pathology group alerts 46,500 patients of data breach
Hackers try to reroute payroll deposits at Texas health system
