Patient Data Exposed in Cyberattack

Patient Data Exposed in Cyberattack

( – When people go to the doctor, they expect a shield of privacy. But now that most offices keep their records online, patients’ private information can be unlawfully taken through the hacking efforts of cybercriminals. According to the FBI’s Internet Crime Report from 2020, the agency received more than 2,000 complaints related to cyber crimes daily. While the healthcare industry is trying to combat the problem by spending trillions of dollars on cybersecurity measures, prevention isn’t always enough. Recently, several New York hospitals became the target of an alarming cyberattack, giving them access to sensitive information.

What Happened?

On December 11, the Westchester Medical Center Health Network announced that on October 12, HealthAlliance learned about a data security breach that affected some of its hospitals’ IT systems. The corporation is the parent of HealthAlliance Hospital Mary’s Avenue Campus, Margaretville Hospital, and Mountainside Residential Care Center. When HealthAlliance discovered the incident, it immediately took action to secure the hospitals’ data storage systems and contain the problem. The company also called the police and hired a firm to conduct an investigation and assess the damage.

That investigation showed that a third party broke into the healthcare company’s network between August 18 and October 13, accessing files containing patient information. HealthAlliance first released a notice about a problem on October 16 and provided an update three days later. The data accessed included names, birthdays, Social Security numbers, personal health information, health insurance details, doctors names, treatments, medications, and financial data.

The notification didn’t detail how many patients were exposed to the attack, but the company assured it was taking steps to prevent a repeat incident. HealthcareAlliance also offered credit monitoring and identity theft protection for those affected to catch any possible identity theft situations. The notice also relayed an apology to those affected.

Other Incidents

According to CBS News, hospitals are increasingly becoming targets for cybercriminals. In fact, the Institute for Security and Technology reported that nearly 300 hospitals have been victims in 2023. That’s especially concerning because of the sensitive information contained in patient files. The news outlet said a recent attack against the Ardent Health Services healthcare network involved 30 hospitals and over 200 healthcare sites in half a dozen states. Another breach in New Jersey in November caused multiple hospitals to send emergency patients elsewhere. It didn’t affect patient care at that time, but it could in the future. Cybersecurity expert Jack Danahy said some instances can keep hospitals offline for “weeks or months.”

Copyright 2023,