Middletown Medical Data Breach Impacts 63,500 Patients

by | Apr 18, 2018

A improperly configured security setting on a radiology interface has lead to the exposure of tens of thousands of patients’ protected health data.

A multi-specialty physicians’ organization based in Middleton, NY, Middletown Medical, first noticed the misconfigured security setting on January 29, 2018.

The next day the interface was reconfigured to ensure unauthorized people could not access patient information. It is not clear for how long patient data remained accessible. Middletown Medical says only a restricted number of patients’ PHI could have been obtained by unauthorized people.

Highly sensitive details including financial data, Social Security numbers, and insurance information were not accessed. The breach was restricted to names, client identification numbers, birthdays, confirmation that radiology services had been received by clients, and the dates those services took place. A lsmall number of patients also had diagnosis codes, radiology images and radiology reports obtained.

After finding the breach, Middletown Medical looked over its polices and procedures and implement additional security measures to ensure the confidentiality of documents containing PHI. Additional training has been given to staff on securing data storage systems and modifications have been applied to interfaces to ensure all information remains safeguarded.

No indications of misuse of PHI have been found although, as a precautionary measure, all patients affected by the breach have been offered free identity theft recovery services for one year and have been told to carefully monitor their account statements and Explanation of Benefits statements for any sign or fraudulent behavior.

The data breach summary filed to the Department of Health and Human Services’ Office for Civil Rights (OCR) shows up to 63,551 patients had their PHI accessed, making this one of the biggest healthcare security incidents to be reported so far in 2018.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy