Lagrangeville, N.Y.-based Health Quest began notifying an undisclosed number of patients Jan. 10 that their information may have been exposed in a phishing attack.
In October, Health Quest ended its investigation of a phishing incident. The health system found that a number of employees had fallen victim to a phishing attack, resulting in staff being tricked into disclosing their credentials to an unauthorized third party.
Patient data that may have been exposed included names, dates of birth, Social Security numbers, Medicare claim numbers, driver's license numbers, provider names, dates of treatment, treatment and diagnosis information, health insurance plan member and group numbers, health insurance claims information, financial account information with security codes, and payment care information.
Health Quest has secured the email accounts that were compromised. The health system recommends patients review any statements they receive from their providers and health insurers.
Health Quest is a part of Nuvance Health, a seven-hospital system in Hudson Valley, N.Y., and western Connecticut.