NewYork-Presbyterian hospital is reaching out to 12,000 patients, including some treated at its Queens hospital in Flushing, in regard to a data breach that compromised personal and medical information.
The announcement was made via press release by hospital officials on Nov. 11. Patients treated at NewYork-Presbyterian/Hudson Valley also may be affected.
“Information pertaining to those patients include first and last names, addresses, insurance authorizations, medical records, numbers and exam results,” NYP said.
On Sept. 8, NYP’s data security monitors received an alert of suspicious activity on one of its servers, including possible attempts to download information by an unauthorized user. The press release said the attempts were successfully blocked and NYP’s Information Security Department began a review.
“As a result of its review, NYP later learned that an unauthorized third-party had used a cloud-based, remote information technology customer support program to gain access to the laptops of several of its workforce members, copying and removing desktop files from some of the devices,” the hospital said.
NYP’s patient portal was not accessed, but one of the compromised laptops contained protected health information of certain patients at both hospitals.
NYP is offering credit monitoring and identity theft protection services through ID Experts for all impacted patients. ID Experts’ services include 12 months of credit monitoring and fully managed identity theft recovery services. NYP said the company will notify and assist in resolving issues for any individual whose identity has been compromised as a result of the incident.
NYP has also established a call center with personnel available to answer questions from those impacted. Patients can call toll free Monday through Friday, from 8 a.m. to 8 p.m. at 1 (888) 308-4435.
Patients are also encouraged to visit nyp.org to learn more.
As required by law, NYP is reporting the incident to the Department of Health and Human Services, Office for Civil Rights and to the Office of the Attorney General in New York State.
The entire press release can be found online at bit.ly/3V0ETgV. An NYP spokesperson told the Chronicle in an email that there would be no further comment.
The FBI has tips for individuals and businesses to protect themselves from cybercrime at fbi.gov/investigate/cyber. It also has regular industry alerts and a link to the bureau’s Internet Crime Complaint Center.
The FBI recommends:
• keeping systems and software up to date and installation of a strong, reputable anti-virus program;
• being careful when connecting to a public Wi-Fi network and not conducting any sensitive transactions, including purchases, when on a public network;
• creating a strong and unique passphrase for each online account and changing those passphrases regularly;
• setting up multifactor authentication on all accounts that allow it;
• examining the email address in all correspondence and scrutinizing website URLs before responding to a message or visiting a site;
• not clicking on anything in unsolicited emails or text messages;
• being cautious about the information shared in online profiles and social media accounts. Sharing things like pet names, schools and family members can give scammers the hints they need to guess your passwords or the answers to your account security questions; and
• not sending payments to unknown people or organizations that are seeking monetary support and urge immediate action.
