New York City-based New York University Langone Health is notifying roughly 2,000 patients after a binder containing presurgical insurance authorizations was mistakenly recycled by its cleaning company Oct. 17.
Potentially compromised information includes names, dates of birth, dates of service, diagnosis codes, current procedural terminology codes, insurer names and identification numbers, and in some cases other related comments, such as insurance approval or denial information and inpatient or outpatient statuses of patients from NYU Langone Health Pediatric Surgery Associates.
The hospital does not have any indication this information has been misused, but because the documents were not properly shredded prior to disposal, the hospital is offering affected individuals one free year of identity theft protection with cyber monitoring from ID Experts.
"NYU Langone is committed to protecting the privacy and security of its patients' health information and has taken steps to ensure that a similar incident will not occur. Staff was reeducated on the importance of safeguarding patient information and the practice updated their workflow to further protect such information," hospital spokeswoman Allison Clair reiterated in an email to Becker's Hospital Review.
More articles on cybersecurity:
Bitcoin falls $1k in 1 hour as Bitcoin Cash emerges as rival: 4 things to know
Stolen hard drive from Chilton Medical Center exposes 10 years of patient data
68% of consumers would leave provider if it was hit with ransomware: 5 report insights