7,000+ people affected in New York hospital data breach: 4 things to know

Jessica Kim Cohen -

At least 7,000 medical records from New York City-based Bronx-Lebanon Hospital Center were exposed by a third-party vendor, NBC News reports.

Here are four things to know.

1. A team of security researchers at MacKeeper Security Research Center discovered the breach earlier this month. Researcher Bob Diachenko told NBC News private patient information was viewable online due to a misconfigured backup server hosted by iHealth, a records management technology provider.

2. The exposed patient information included names, home addresses and medical diagnoses — along with addiction histories, mental health diagnoses, HIV statuses and sexual assault reports — of patients who visited the hospital between 2014 and 2017. Mr. Diachenko told NBC News it's unclear how long patient records were viewable online.

3.iHealth told NBC News it conducted an internal review upon learning of the breach. The vendor said one unauthorized person accessed the data, although there is no evidence that data has been misused.

"While iHealth continues to work with a leading IT security firm to validate its analysis, at this time, iHealth believes that the issue has been contained," iHealth told NBC News.

4. Bronx-Lebanon Hospital Center confirmed the exposed patient records in an emailed statement to NBC News and said it is cooperating with law enforcement agencies to address the breach.

Editor's note: Becker's Hospital Review reached out to Bronx-Lebanon Hospital Center for comment and will update as more information is available.

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.