Med Associates the health billing company, located in Latham, NY-based, which provides claims services to over 70 healthcare providers, has found that an employee’s computer has been logged onto by an unauthorized individual.
It is possible that the hacker obtained to the protected health information of up to 270,000 clients through the compromised device.
Unusual activity was noticed on a staff member’s computer on March 22, 2018, leading to an investigation by the IT department. Additional investigation by a third-party computer forensics firm confirmed that the machine had been remotely accessed by an unauthorized person.
The investigation revealed that the HIPAA violation occurred on the same day that the unusual activity was noticed. After identifying the breach, access to the computer was disable.
Med Associates and the computer forensics firm did not find any proof to suggest that any information accessible through the computer was accessed by the hacker and neither have any reports been submitted to suggest any PHI has been improperly used. All patients affected by the breach have now been contacted and have been offered one year of credit monitoring and identity theft protection services for free.
The majority of people affected by the breach live in the Capital Region, although around 1,700 people in Massachusetts, Florida, and Vermont have also been impacted.
With the majority the patients impacted, the breach was restricted to names, addresses, dates of birth, health insurance information, dates of service, and diagnosis and procedure codes, although a small number of Social Security numbers were also available through the machine.
A reported in TimesUnion, Med Associates submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights (OCR) on June 14, 2018.