Latham, N.Y.-based Community Care Physician began notifying an undisclosed number of patients Feb. 14 that their information may have been affected in a ransomware attack at third-party accounting vendor BST & Co.
The Albany, N.Y.-based accounting firm discovered that its computers had been infected with ransomware in December 2019. BST worked quickly to restore its systems, with the ransomware only being present between Dec. 4-7, 2019.
Though there is no evidence that patient information was removed from its system, BST and Community Care Physicians are alerting patients of the incident. Information that may have been affected by the ransomware attack included names, dates of birth, billing codes, insurance descriptions and medical record numbers.
"[Community Care Physicians] takes our patients' security and privacy very seriously. It's important to know this was not a Community Care Physicians incident," the health system said in an online statement. "Our patients' data remains secure with [Community Care Physicians]. BST immediately addressed the incident and it was successfully handled. The data involved wasn't the most sensitive type of data. It didn't include EMR data, financial information or social security numbers, or even addresses … We also have no evidence that any of this data was accessed or used by anybody."