A newly discovered data breach at Albany-based Med Associates may have exposed the protected health information (PHI) of more than 270,000 patients. Compromised information includes patient names, dates of birth, addresses, dates of service, diagnosis codes, procedure codes, insurance information and insurance ID numbers.
Med Associates said that it discovered the breach on March 22 after an employee's workstation began displaying “unusual activity”. With the help of its IT vendor and a third-party forensics firm, Med Associates discovered an unauthorized third party may have accessed certain personal and protected information. However, it noted “no banking or credit card information contained on or accessible from the workstation.”
The healthcare did not provide the exact number of individuals affected in its announcement. However, Times Union reported the number of impacted patients amounted to 270,000.
Med Associates said it has started taking corrective and preventive measures to address the issue and avoid similar incidents in the future.
“The privacy and security of information in our possession are one of our highest priorities," Med Associates said in a press release. "Upon learning of this incident, we immediately secured the impacted workstation, implemented even more stringent information security standards and have increased staff training on data privacy and security."
Med Associates is currently notifying patients who were potentially affected by the breach and is providing free access to one year of credit monitoring and identity restoration services via TransUnion.
It has also notified the Office for Civil Rights (OCR) about the breach on June 14.