Catholic Health System
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Catholic Health System in New York experienced multiple data breaches affecting its patients’ protected health information (PHI). These incidents involved unauthorized access to electronic health records and patient information through third-party vendors and consulting services.
Data Breach Involving Minimum Data Set Consultants, LLC (MDS)
In late March 2023, Catholic Health became aware of unusual activity involving certain electronic health records files managed by Minimum Data Set Consultants, LLC (MDS), a firm providing consulting services to skilled nursing facilities. An investigation revealed that the files were accessed without authorization around August 27, 2022, by a former MDS employee. The breach potentially included medical record information from some long-term care residents within Catholic Health. The files contained names, birthdates, demographic information, Social Security and Medicare numbers, and diagnosis information. While there was no indication that the information was misused for identity theft, affected individuals were advised to remain vigilant against identity theft and fraud[1][6][10][23][24].
Data Breach Involving CaptureRx
Another breach occurred when Catholic Health was notified by CaptureRx, a third-party pharmaceutical software vendor, of a data breach on June 3, 2021. This breach impacted patients from Mount St. Mary’s and Sisters of Charity hospitals, involving patient information such as names, dates of birth, and prescription data accessed on February 6, 2021. No financial information was included in the breach. CaptureRx began an investigation and confirmed that private information was compromised. Catholic Health stated that there was no evidence of misuse of this information as a result of the incident[2][3][7].
Response and Measures
Following these incidents, Catholic Health and the involved third parties took steps to enhance security measures and prevent future breaches. This included notifying affected individuals, offering credit monitoring services, and reviewing and enhancing security policies and procedures. Catholic Health emphasized its commitment to protecting the privacy of its patients and any information related to their care[1][2][3].
Legal and Consumer Actions
Affected individuals were advised on steps to protect themselves from potential fraud and identity theft, including monitoring their accounts and credit reports, and placing fraud alerts or credit freezes on their credit files. Data breach attorneys also offered consultations to those impacted, highlighting the seriousness of the situation and the potential for legal action[22].
These breaches underscore the importance of robust cybersecurity measures and the need for constant vigilance by healthcare providers and their third-party vendors to protect sensitive patient information from unauthorized access.
Citations:
- https://blog.chsbuffalo.org/mds-data-breach/
- https://blog.chsbuffalo.org/catholic-health-notified-of-data-breach-by-third-party-vendor/
- https://healthitsecurity.com/news/catholic-health-impacted-by-capturerx-data-breach-patients-phi-exposed
- https://www.wivb.com/news/local-news/buffalo/catholic-health-shares-information-on-data-breach-that-impacted-health-system/
- https://www.torrancememorial.org
- https://www.wivb.com/news/local-news/buffalo/catholic-health-patients-may-have-fallen-victim-to-data-breach/
- https://www.wgrz.com/article/news/local/catholic-health-patients-from-mount-saint-marys-sisters-of-charity-hospitals-impacted-by-data-breach/71-5aa750ff-b1ea-40d6-a889-2d4ec538eec7
- https://www.chsbuffalo.org/about-us/compliance-program/notice-privacy-practice
- https://abcnews.go.com
- https://www.jdsupra.com/legalnews/catholic-health-announces-third-party-7280678/
- https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://torontosun.com/opinion/columnists/thkinsella-enforce-laws-designed-to-stop-anti-semitic-mobs-from-attacking-hospitals
- https://www.beckershospitalreview.com/cybersecurity/new-york-health-system-notifies-patient-of-3rd-party-data-breach-2.html
- https://www.idstrong.com/sentinel/people-panicking-in-the-aftermath-of-commonspirit-health-parent-company-hack/
- https://www.hipaajournal.com/healthcare-data-breach-round-up-november-16-2023/
- https://spectrumlocalnews.com/nys/buffalo/news/2022/03/31/catholic-health-suffers-data-breach-of-more-than-1-000-patients
- https://www.beckershospitalreview.com/cybersecurity/the-commonspirit-ransomware-attack-1-year-later.html
- https://www.paubox.com/blog/catholic-charities-neighborhood-services-inc-suffers-hipaa-email-breach
- https://www.wkbw.com/news/local-news/approximately-1-300-catholic-health-patients-impacted-by-data-breach
- https://www.govtech.com/security/buffalo-ny-area-hospitals-disclose-recent-data-breach.html
- https://www.myinjuryattorney.com/catholic-health-data-breach/
- https://proteuscyber.com/pt/privacy-database/news/7270-catholic-health-patients-may-have-fallen-victim-to-data-breach
- https://www.databreaches.net/ny-catholic-health-patients-may-have-fallen-victim-to-data-breach-by-a-consultants-employee/
- https://www.hipaajournal.com/managed-care-of-north-america-hacking-incident-impacts-8-9-million-individuals/