NYC Health + Hospitals

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Breach at NYC Health + Hospitals

NYC Health + Hospitals experienced a breach involving the potential compromise of protected health information (PHI). On July 19, 2022, they discovered that a defective hard drive, which had been removed from a visual field testing device at NYC Health + Hospitals/Woodhull, was missing. The hard drive contained patients’ names, dates of birth, medical record numbers, and visual field test results. No financial information or other personal identifiers were on the hard drive. There is no evidence to suggest that the PHI has been misused, and the accessibility of the PHI on the missing hard drive could not be determined[1].

In response to the incident, NYC Health + Hospitals has taken several steps:

  1. Educating staff on the proper chain of custody for devices containing PHI when they are taken out of service.
  2. Implementing a data removal process for the visual field testing device to ensure that data is removed regularly.
  3. Enhancing training to ensure that all staff are aware of the need to promptly notify the Office of Corporate Compliance (OCC) of any incident in which patients’ PHI might be compromised.

NYC Health + Hospitals is notifying all individuals affected by this incident and has invited them to call a toll-free number with any questions or concerns. They are also notifying the Secretary of the U.S. Department of Health and Human Services, as required by federal regulations[1].

Citations:

  1. https://www.nychealthandhospitals.org/pressrelease/notification-of-possible-compromised-phi/
  2. https://news.bloomberglaw.com
  3. https://therecord.media/new-york-medical-network-cyberattack-diversions
  4. https://www.inforisktoday.com/new-york-breach-affects-17-million-a-3349
  5. https://www.beckershospitalreview.com/cybersecurity/new-york-hospital-discloses-data-breach.html
  6. https://www.fiercehealthcare.com/providers/new-york-state-proposes-new-cybersecurity-regulations-hospitals
  7. https://www.cbsnews.com/news/healthalliance-cyberattack-hackers-stole-patient-information-new-york-westchester-medical-center-health-network/
  8. https://www.nytimes.com/2022/12/12/nyregion/brooklyn-hospital-cyberattack.html
  9. https://apnews.com/article/hospital-cyberattack-new-york-8d16389a47792a6a70eeed3f719d8f35
  10. https://www.scmagazine.com/brief/new-york-hospitals-patient-data-impacted-by-cyberattack
  11. https://www.chiefhealthcareexecutive.com/view/cyberattack-of-new-york-hospitals-prompts-diversion-of-patients-it-systems-shut-down
  12. https://ag.ny.gov/press-release/2023/attorney-general-james-secures-300000-newyork-presbyterian-hospital-failing
  13. https://www.thecity.nyc/2023/04/27/one-brooklyn-health-data-breach-cyber-attack/
Breach Submission Date Dec 02, 2022
Converted Entity Name NYC Health + Hospitals
Converted Entity Type Healthcare Provider
State NY
Individuals Affected 2,174
Breach Type Loss

Breach Information Location Other Portable Electronic Device

Business Associate Present Yes