270,000 patient records breached in Med Associates hack

The healthcare billing claims vendor discovered a hacker accessed an employee workstation on March 22.
By Jessica Davis
12:09 PM
patient records breached at Med Associates

A hack on Albany-based Med Associates may have breached the patient records of more than 270,000 patients. The healthcare billing claims vendor began notifying patients on June 14, and local New York-based publication Times Union was able to obtain the exact number of impacted patients.

Med Associates provides claims services for about 70 healthcare providers.

Officials discovered the breach on March 22 when an employee workstation began displaying unusual activity. An investigation by a Med Associates third-party forensics team determined a hacker accessed the workstation and may have accessed patient data.

Learn on-demand, earn credit, find products and solutions. Get Started >>

Med Associates is continuing to investigate the incident. But officials determined the affected data contained demographic information, addresses, dates of service, medical data and insurance identification numbers. This type of information can be used by hackers for medical fraud.

Officials said the workstation did not contain financial information. However, Med Associates President Catherine Alvey told the Times Union that some Social Security numbers were included in the data. All impacted patients are being offered a year of free credit monitoring.

Under HIPAA, organizations must report breaches within 60 days of discovery, even with an investigation underway. The notice did not clarify the reason for the delayed report. Med Associates did not respond to a request for comment.

[Also: The biggest healthcare data breaches of 2018 (so far)]

One of Illinois’ largest providers, Presence Health, was the first to settle with the Department of Health and Human Services Office of Civil Rights in January 2017 for failing to report a breach in a timely manner. It cost Presence Health $475,000.

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com

More regional news

President Joe Biden stands in front of monitors

 (Photo by Alex Wong/Getty Images)

telehealth visit using Tyto Care technology

Karen Martin, DNP, director of pediatrics, conducts a telehealth visit using Tyto Care technology.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.