135,000 Records Breached in New York Surgery & Endoscopy Center Hacking Attack

by | Mar 8, 2018

St. Peter’s Surgery & Endoscopy Center in New York has been hit by a malware infection which could have allowed hackers to access medical records of up to 135,000 patients.

This is the second biggest healthcare data breach of 2018, so far, and the largest to be experienced in  New York state since the 3,466,120-record data breach at Newkirk Products, Inc. in August 2016.

The data violation at St. Peter’s Surgery & Endoscopy Center was noticed on January 8, 2018: The same day as hackers obtained access to its server. The quick detection of the malware restricted the time the hackers had access to the server and possibly prevented patients’ data from being seen or copied. However, while no prrof of data access or data theft was found, it was not possible to eliminate either out with a high degree of certainty.

In the substitute branch notice issued, St. Peter’s Surgery & Endoscopy Center says the servers it utilizes are separate from St. Peter’s Hospital and Albany Gastroenterology Consultants. Protected health information stored by those medical centers was not compromised due to the malware infection. Only patients who have earlier visited St. Peter’s Surgery & Endoscopy Center for medical treatment have possibly been impacted. Letters to impacted patients were issued on February 28, 2018 and the incident has been made known to the HHS’ Office for Civil Rights (OCR).

The information possibly accessed/copied was restricted to patients’ names, addresses, dates of birth, dates of service, diagnosis codes, procedure codes, and insurance data. Some patients also had Medicare information accessed. Patients without Medicare did not have their social security details exposed and no patients’ banking or credit/debit card numbers were accessed.

Patients whose Medicare data as exposed have been offered 12 months of credit monitoring and identity theft protection services for free “out of an abundance of caution” and all patients have been told to check their health insurance statements carefully for any sign of fraudulent use of their data.

No details have been released on the exact nature of the security breach, such as how the hackers obtained access to the server to upload malware. St. Peter’s Surgery & Endoscopy Center said steps are being taken to enhance security, which incorporates further staff training. The purchase of more – and more sophisticated – anti-virus and anti-malware solutions is also being considered.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy