NYC Health + Hospitals
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Breach at NYC Health + Hospitals
NYC Health + Hospitals experienced a breach involving the potential compromise of protected health information (PHI). On July 19, 2022, they discovered that a defective hard drive, which had been removed from a visual field testing device at NYC Health + Hospitals/Woodhull, was missing. The hard drive contained patients’ names, dates of birth, medical record numbers, and visual field test results. No financial information or other personal identifiers were on the hard drive. There is no evidence to suggest that the PHI has been misused, and the accessibility of the PHI on the missing hard drive could not be determined[1].
In response to the incident, NYC Health + Hospitals has taken several steps:
- Educating staff on the proper chain of custody for devices containing PHI when they are taken out of service.
- Implementing a data removal process for the visual field testing device to ensure that data is removed regularly.
- Enhancing training to ensure that all staff are aware of the need to promptly notify the Office of Corporate Compliance (OCC) of any incident in which patients’ PHI might be compromised.
NYC Health + Hospitals is notifying all individuals affected by this incident and has invited them to call a toll-free number with any questions or concerns. They are also notifying the Secretary of the U.S. Department of Health and Human Services, as required by federal regulations[1].
Citations:
- https://www.nychealthandhospitals.org/pressrelease/notification-of-possible-compromised-phi/
- https://news.bloomberglaw.com
- https://therecord.media/new-york-medical-network-cyberattack-diversions
- https://www.inforisktoday.com/new-york-breach-affects-17-million-a-3349
- https://www.beckershospitalreview.com/cybersecurity/new-york-hospital-discloses-data-breach.html
- https://www.fiercehealthcare.com/providers/new-york-state-proposes-new-cybersecurity-regulations-hospitals
- https://www.cbsnews.com/news/healthalliance-cyberattack-hackers-stole-patient-information-new-york-westchester-medical-center-health-network/
- https://www.nytimes.com/2022/12/12/nyregion/brooklyn-hospital-cyberattack.html
- https://apnews.com/article/hospital-cyberattack-new-york-8d16389a47792a6a70eeed3f719d8f35
- https://www.scmagazine.com/brief/new-york-hospitals-patient-data-impacted-by-cyberattack
- https://www.chiefhealthcareexecutive.com/view/cyberattack-of-new-york-hospitals-prompts-diversion-of-patients-it-systems-shut-down
- https://ag.ny.gov/press-release/2023/attorney-general-james-secures-300000-newyork-presbyterian-hospital-failing
- https://www.thecity.nyc/2023/04/27/one-brooklyn-health-data-breach-cyber-attack/