63,500 patient records breached by New York provider's misconfigured database

Middletown Medical left a radiology interface open to the public, exposing patient data in the process.
By Jessica Davis
11:37 AM
healthcare breach

New York-based Middletown Medical is notifying 63,551 of its patients that their data may have been breached due to a misconfigured radiology interface.

Misconfigured databases have been a major problem across all sectors, especially in the healthcare sector.

Just last month a Long Island provider notified 42,000 patients of a breach caused by a misconfigured database. Accenture, data analytics firm Alteryx, Emory Brain Health Center and a long list of others have breached data by failing to secure online or public-facing databases.

[Also: The biggest healthcare data breaches of 2018 (so far)]

In Middletown Medical’s case, the flaw in a security setting was discovered Jan. 29 and fixed the next day. Officials could not determine how long the data was exposed, but said only a limited number of patient data could have been accessed by unauthorized users.

The database contained patient names, client identification numbers, birthdates, radiology services received by the patient and the date services were provided. This type of data can be used by cybercriminals for medical fraud, if the database was indeed accessed.

For a limited number of patients, diagnosis codes, radiology images and radiology reports were included. Social Security numbers and financial data were not breached.

Upon discovering the breach, Middletown Medical accessed its security policies and procedures. Officials said they’ve also implemented additional security measures to ensure patient data remains confidential. Staff have also been given additional training on securing systems and modifications to interfaces.

All patients are being offered a year of free credit monitoring. All patients are advised to carefully review their account information for any signs of fraudulent activity. 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

More regional news

Above photo: Dr Gamaliel Tan (in grey), Group CMIO, NUHS during NTFGH's HIMSS EMRAM 7 revalidation (virtual) in November 2020. Credit: NTFGH

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.