The cardiology practice, part of Albany, N.Y.-based St. Peter’s Health Partners Medical Associates, reported the privacy breach to HHS Aug. 3 and said it affected 1,789 individuals.
In a notification letter to patients, the practice said that payment information linked to cash, check and credit card payments that should have been in bank deposit bags between Jan. 27 and April 8 was missing.
St. Peter’s used a contracted courier service to transport its bank deposit bags during the time the payment information went missing. The courier service is part of St. Peter’s investigation of the incident, and in response, the health provider has adjusted its safety and security procedures and controls of its bank deposit bag process.
“SPHPMA takes this incident and the protection of our patients’ protected health information extremely seriously. We apologize for the inconvenience and deeply regret any concern this situation may have caused,” St. Peter’s privacy officer Kate Barnhart said in the Aug. 3 letter.
St. Peter’s is offering affected individuals one year of free credit protection and identity theft services.
More articles on cybersecurity:
Malware attack exposes info of 129,000+ Behavioral Health Network patients
Blackbaud hack exposes info of 657,392 Maine health system donors
Rite Aid pharmacy thefts expose information of 9,200 patients
