According to Practice Resources LLC, which handles billing for numerous hospitals and healthcare organisations, over 924,000 patients’ names, addresses, dates of treatment, and internal account numbers may have been compromised by hackers.
Nearly 1 million patients in Central New York’s medical billing records may have been compromised by hackers.
According to Practice Resources CEO David Barletta, no personal medical data, credit card information, or Social Security numbers were revealed. There was “no evidence that information was abused as a result of this event,” according to Practice Resources’ mandatory public notice. All impacted patients will receive a full year’s worth of complimentary online cybersecurity protection from the company.
Billing information for orthopaedic surgeons, paediatricians, gynaecologists, and physical therapists is also compromised.
According to Barletta, Practice Resources bills its clients for around $450 million each year. At least 28 medical facilities in Central New York were compromised by the data leak, including venerable organisations like the Salvation Army, the vast Family Care Medical Group, and hospitals like St. Joseph’s, Crouse, and Upstate Community. (List complete below.)
According to Dr. Mitchell Brodey, the chief executive officer of the organisation, Family Care Medical Group lost all of its laboratory data and was forced to shut down its lab for months as it rebuilt its computer system. In the meanwhile, laboratory work was transferred to another facility.
“We just reopened a week ago,” Brodey said.
The same medical firm that owns Practice Resources also owns Family Care.
A ransomware attack on the billing company occurred in April, and it took months to identify which patient accounts had been compromised. In a ransomware attack, hackers encrypt or conceal data in a computer system and demand payment in exchange for its release. Barletta said that he was unable to confirm whether Practice Resources had paid a ransom to get the data back.
“Due to the ongoing investigation, we’re not allowed to discuss that,” he said. According to Barletta, Practice Resources hired a forensic team to search through patient data and look for possible thefts.
“There was no evidence that any patient information was accessed, including Social Security numbers,” he said. According to Barletta, the state Attorney General’s office is looking into the hacking and the level of data protection at Practice Resources. The attorney general’s office recently penalised Wegmans supermarket chain $400,000 for careless cloud storage that exposed the data of more than 3 million consumers.
Patients are only now getting notices about the Practice Resources hack, which happened on April 12. According to Barletta, it took months to identify whose patients’ accounts had been compromised and contact each medical practise. The forensic investigation was also time-consuming.