A healthcare data breach at Med Associates, a Lathan, N.Y.-based health billing company, that may have exposed the protected health information (PHI) of 270,000 people, according to local media reports.
Med Associates posted an announcement on its website regarding a recent data security incident. On March 22, Med Associates became aware of “unusual activity relating to an employee’s workstation occurring that same day,” the company stated. “Med Associates immediately began investigating with our IT vendor and subsequently retained a leading third-party forensic investigation firm to assist with our investigation.”
Through the investigation, it was determined that the unauthorized party accessed the workstation and through that, may have had access to certain personal and protection information, Med Associates stated. “While our investigation is ongoing, we have determined that that information that may have been accessible from the workstation would have included patient names, date of birth, address, dates of service, diagnosis codes, procedure codes and insurance information, including insurance ID Number. There was no banking or credit card information contained on or accessible from the work station. Additionally, we are currently not aware of any misuse of patients’ protected health and/or personal information,” the company wrote in online post.
The company said that upon learning of this incident, company leaders immediately secured the impacted workstation, implemented even more stringent information security standards and have since increased staff training on data privacy and security.
The Times Union newspaper reported that the data security incident potentially impacted 270,000 people. The company provides claims services for more than 70 health care providers, the newspaper reported.
“The break-in at Med Associates, which has been in business since 1988, is the fourth-largest records breach in the state since federal law required public disclosure of such attacks starting in 2010. It was also the second major Capital Region break-in this year, after records for more than 135,000 patients were compromised in March at the surgical center for St. Peter's Hospital,” the Times Union reported.
Med Associates is providing one year's free service at a credit monitoring agency in response to the break-in, according to the newspaper article. Company president Catherine Alvey said the breach was reported June 14 to the Office of Civil Rights at the U.S. Department of Health and Human Services (HHS OCR), as is required under a 2009 federal law. The incident has not yet been posted to the OCR breach portal website.