Med Associates Hacking Incident Impacts up to 270,000 Patients

by | Jul 2, 2018

Med Associates the health billing company, located in Latham, NY-based, which provides claims services to over 70 healthcare providers, has found that an employee’s computer has been logged onto by an unauthorized individual.

It is possible that the hacker obtained to the protected health information of up to 270,000 clients through the compromised device.

Unusual activity was noticed on a staff member’s computer on March 22, 2018, leading to an investigation by the IT department. Additional investigation by a third-party computer forensics firm confirmed that the machine had been remotely accessed by an unauthorized person.

The investigation revealed that the HIPAA violation occurred on the same day that the unusual activity was noticed. After identifying the breach, access to the computer was disable.

Med Associates and the computer forensics firm did not find any proof to suggest that any information accessible through the computer was accessed by the hacker and neither have any reports been submitted to suggest any PHI has been improperly used. All patients affected by the breach have now been contacted and have been offered one year of credit monitoring and identity theft protection services for free.

The majority of people affected by the breach live in the Capital Region, although around 1,700 people in Massachusetts, Florida, and Vermont have also been impacted.

With the majority the patients impacted, the breach was restricted to names, addresses, dates of birth, health insurance information, dates of service, and diagnosis and procedure codes, although a small number of Social Security numbers were also available through the machine.

A reported in TimesUnion, Med Associates submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights (OCR) on June 14, 2018.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy