63,500 patient records breached by New York provider's misconfigured database

Middletown Medical left a radiology interface open to the public, exposing patient data in the process.
By Jessica Davis
11:37 AM

Middletown Medical Center in Middletown, New York. Credit: Google Maps

New York-based Middletown Medical is notifying 63,551 of its patients that their data may have been breached due to a misconfigured radiology interface.

Misconfigured databases have been a major problem across all sectors, and especially in healthcare.

Just last month, a Long Island provider notified 42,000 patients of a breach caused by a misconfigured database. Accenture, data analytics firm Alteryx, Emory Brain Health Center and a long list of others have exposed data by failing to secure online or public-facing databases.


In Middletown Medical’s case, the flaw in a security setting was discovered Jan. 29 and fixed the next day. Officials could not determine how long the data was exposed, but said only a limited amount of patient data could have been accessed by unauthorized users.

The database contained patient names, client identification numbers, birthdates, radiology services received by the patient and the date services were provided. This type of data can be used by cybercriminals for medical fraud, if the database was indeed accessed.

For a limited number of patients, diagnosis codes, radiology images and radiology reports were included. Social Security numbers and financial data were not breached.

Upon discovering the breach, Middletown Medical assessed its security policies and procedures. Officials said they’ve also implemented additional security measures to ensure patient data remains confidential. Staff have also been given additional training on securing systems and modifications to interfaces.

All patients are being offered a year of free credit monitoring. All patients are advised to carefully review their account information for any signs of fraudulent activity. 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com