Med Associates Suffer Data Breach: 270,000 Records Left Exposed

Cyber attacks on the health care sector have continued into this week too. The latest attack resulted in the compromise of approximately 270,000 patient records after Med Associates suffered a data breach. The firm confirms that the breached data may have included personal details of the patients. However, the investigations are still going on about the matter.

Med Associates Suffered Data Breach In March

Med Associates healthcare service suffered a data breach, which may have left a large number of patients data exposed to hackers. The firm discovered some unusual activity from one of its official workstations on March 22, 2018. Right after this discovery, the firm began forensic investigations to unveil the details, however it has only recently announced the breach. Sadly, the investigations confirmed that some unauthorized individuals had accessed the workstation. Therefore, they might have accessed some patients’ records too.

According to Times Union, the breach data may include approximately 270,000 patient records. And, as confirmed by Med Associates’ official notification on its website, this may also include personal details.

“It was determined that the unauthorized party accessed the workstation and through that, may have had access to certain personal and protected information. While our investigation is ongoing, we have determined that that information that may have been accessible from the workstation would have included patient names, date of birth, address, dates of service, diagnosis codes, procedure codes and insurance information, including insurance ID Number.”

The firm began notifying their users about the incident via emails. Yet, as a precautionary measure and a confirmation to their emails, they have uploaded the notice on their website as well.

“Out of an abundance of caution, we are informing individuals whose personal and health information may have been involved by mailing a letter to their last known address. Since it is possible we have outdated contact information for some individuals, we are also providing this notice on our website as required by HIPAA.”

Med Associates Confirm No Misuse Of Breached Data

In their official notice, they confirmed no breach of the financial details. Nor they have noticed any misuse of the leaked information.

“There was no banking or credit card information contained on or accessible from the workstation. Additionally, we are currently not aware of any misuse of patients’ protected health and/or personal information.”

They further assured their patients that they have taken every possible security measure to contain the cyber attack. Yet, it’s strange that they took a such a long time to disclose the incident after Med Associates suffered the data breach. Despite clear instructions by HIPAA for the disclosure of such incidents within 60 days from happening even if the investigations are in progress.

Not to forget, this is just another data breach reported for a healthcare service within a week. A few days ago, we came to know about the data breach happened at CarePartners. That incident also exposed personal and financial details of the users exposed to hackers.

Let us know your thoughts in the comments section below.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil