Health Alliance Hospital Mary’s Avenue Campus

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at Health Alliance Hospital Mary’s Avenue Campus in New York was part of a larger data security incident affecting HealthAlliance, Inc., the corporate parent of HealthAlliance Hospital Mary’s Avenue Campus, the former HealthAlliance Hospital Broadway Campus, Margaretville Hospital, and Mountainside Residential Care Center. The incident was first discovered on October 12, 2023, when HealthAlliance learned of a data security incident that disrupted the operations of some of its IT systems. Immediate steps were taken to secure the systems, contain the incident, and notify law enforcement. A third-party forensic firm was engaged to conduct an investigation.

The investigation revealed that an unauthorized party gained access to HealthAlliance’s IT network between August 18, 2023, and October 13, 2023. During this period, the unauthorized party accessed and acquired files containing patient information. The compromised information varied by patient but may have included names, addresses, dates of birth, Social Security numbers, diagnoses, lab results, medications, treatment information, health insurance information, provider names, dates of treatment, and financial information.

In response to the breach, HealthAlliance has offered complimentary credit monitoring and identity theft protection services to patients whose Social Security numbers may have been involved. The organization has also implemented additional safeguards and technical security measures to further protect and monitor its systems. A dedicated toll-free call center has been established to support individuals with questions about the incident[1][5].

The breach was reported to the U.S. Department of Health and Human Services Office for Civil Rights, indicating that 264,197 individuals were affected[11]. This incident was among the significant healthcare data breaches reported in December 2023, highlighting the ongoing challenges healthcare organizations face in protecting sensitive patient information against cyber threats[13].

Citations:

  1. https://www.hahv.org/news/notice-of-data-security-incident-1648
  2. https://www.ecommunity.com
  3. https://www.hahv.org/news/healthalliance-of-the-hudson-valley-experiences-po-1635
  4. https://en.wikipedia.org/wiki/Robert_F._Kennedy_Jr.
  5. https://www.dailyfreeman.com/2023/12/12/healthalliance-cyberattack-began-in-august-included-patients-medical-financial-information-social-security-numbers-hospital-says/
  6. https://tpchd.org
  7. https://hudsonvalleyone.com/2023/10/17/hahvs-kingston-hospital-diverts-patients-for-two-days-without-an-announcement/
  8. https://www.wsj.com/?%252525252525253butm_=undefined&webview=true
  9. https://www.dailyfreeman.com/2023/10/17/healthalliance-hospital-in-kingston-affected-by-potential-cybersecurity-threat/
  10. https://axiawh.com
  11. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?adobe_mc=MCMID%3D02408406485458979789220680779370557994%7CMCORGID%3DA8833BC75245AF9E0A490D4D%2540AdobeOrg%7CTS%3D1696377600
  12. https://www.seattletimes.com
  13. https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/
  14. https://www.sandiegouniontribune.com
  15. https://thecyberexpress.com/wmchealth-cyberattack-disrupts-patient-care/
  16. https://www.bradenton.com
Breach Submission Date Dec 11, 2023
Converted Entity Name Health Alliance Hospital Mary's Avenue Campus
Converted Entity Type Healthcare Provider
State NY
Individuals Affected 264,197
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes