Ransomware Attack on New York Billing Company Affects 942K Individuals

By | August 17, 2022

Practice Resources, a Syracuse, NY, provider of billing and other professional services, has suffered a data breach involving the records of 942,138 individuals.

According to the breach notification sent to the California Attorney General, Practice Resources was the victim of a ransomware attack on April 12, 2022. Assisted by third-party digital forensics experts, Practice Resources determined that there had been unauthorized access to parts of the network where the protected health information of its clients was stored and the attackers may have infiltrated that information prior to file encryption.

A review of the documents potentially affected by the attack confirmed they contained information such as names, addresses, dates of treatment, health plan numbers, and medical record numbers. Practice Resources has offered affected individuals a complimentary membership to an identity theft protection and credit monitoring service.

Practice Resources said it has issued notification letters to affected individuals on behalf of 28 clients that were affected by the data breach.

  • Achieve Physical Therapy, PC
  • CNY Obstetrics and Gynecology, P.C.
  • Community Memorial Hospital, Inc
  • Crouse Health Hospital, Inc
  • Crouse Medical Practice PLLC
  • Family Care Medical Group, PC
  • Fitness Forum Physical Therapy, PC
  • FLH Medical PC
  • Greece Dermatological Associates, PC
  • Guidone Physical Therapy, PC
  • Hamilton Orthopedic Surgery & Sports Medicine
  • Helendale Dermatological and Medical Spa, PLLC
  • Kudos Medical, PLLC
  • Laboratory Alliance of Central New York, LLC
  • Liverpool Physical Therapy, PC
  • Michael J Paciorek, MD PC
  • Nephrology Associates of Watertown, PC
  • Nephrology Hypertension Associates of CNY, PC
  • Orthopedics East, PC
  • Salvation Army
  • Soldiers & Sailors Memorial Hospital—Physician Practices
  • Joseph’s Medical
  • Surgical Care West, PLLC
  • Syracuse Endoscopy Associates, LLC
  • Syracuse Gastroenterological Associates, PC
  • Syracuse Pediatrics
  • Tully Physical Therapy
  • Upstate Community Medical, PC

Valley Baptist Medical Center Systems Hacked

Brownsville, TX-based Valley Baptist Medical Center has recently started notifying certain patients that some of their protected health information has been exposed and potentially stolen. On June 14, 2022, Valley Baptist determined that an unauthorized third party had gained access to a computer system. The forensic investigation determined that unauthorized access occurred between March 31 and April 24, 2022.

When the breach was detected, user access to systems was suspended, cybersecurity protocols were implemented, and steps were taken to prevent further unauthorized access. The forensic investigation determined that patient information was potentially affected, including names, contact information, dates of birth, health insurance information, dates of service, patient account numbers, medical record numbers, medications, diagnosis information, provider and facility names, and visit information. Valley Baptist said patients of its Brownsville and Harlingen medical centers were affected.

The data breach has yet to appear on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

The post Ransomware Attack on New York Billing Company Affects 942K Individuals appeared first on HIPAA Journal.