Hackers had access to patient information for months in New York hospital cyberattack, officials say – CBS News

Watch CBS News
By Emily Mae Czachor
/ CBS News
A group of New York hospitals and health care centers were targeted in a cyberattack that for two months allowed hackers to access patients’ private information, officials said this week. The attack targeted three separate facilities in the Hudson Valley — HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center — which all operate under the same parent company and within the hospital conglomerate Westchester Medical Center Health Network.
HealthAlliance, Inc., the corporate parent of the three facilities, said Monday that it “began mailing notification letters to patients whose information may have been involved in a data security incident.” The security issue was acknowledged publicly in October by the broader Westchester health network, but few details were released about the nature or the extent of the breach as an investigation got underway. Now, officials say the probe involving the New York State Department of Health, local authorities in the Hudson Valley, the FBI and a third-party cybersecurity firm determined that hackers were able to access the parent company’s information technology network from Aug. 18 to Oct. 13.
“While in our IT network, the unauthorized party accessed and acquired files that contain patient information,” HealthAlliance said in a statement. “The information involved varied by patient, but may have included names, addresses, dates of birth, Social Security numbers, diagnoses, lab results, medications, and other treatment information, health insurance information, provider names, dates of treatment, and/or financial information.”
The company said it will offer free credit monitoring services and identity theft protection services to patients whose Social Security numbers were potentially stolen. It has also put in place “additional safeguards and technical security measures.” A dedicated call center has been set up for patients to contact HealthAlliance with questions.
CBS News contacted Westchester Medical Center Health Network for more information but did not receive an immediate response.
The health network first warned that some of its facilities were facing a “potential cybersecurity threat and an IT system outage” on Oct. 16, it said in a statement at the time.
Patient care had not yet been impacted, the statement said. But, by Oct. 19, a planned shutdown of the connected IT systems used by all three affected facilities forced emergency medical services crews to divert ambulances from HealthAlliance Hospital and decide whether to discharge admitted patients or transfer them to other hospitals within the Westchester network. Those changes were in effect for several days as the temporary shutdown went ahead, followed by a staged reboot that lasted into the weekend. 
Both HealthAlliance Hospital and Margaretville Hospital continued to accept walk-in patients, and officials said at the time they would be “treated, assessed and either released, or stabilized and transferred to other WMCHealth facilities.” HealthAlliance said the facilities were “fully operational” by the evening of Oct. 21, although emergency stroke patients still needed to be treated elsewhere.
The cyberattack that targeted HealthAlliance was one of a growing number of cyber threats impacting hospitals and health care centers across the United States, potentially opening up patients’ private data to bad actors and interrupting or threatening their quality of medical care. At least 299 hospitals have experienced ransomware attacks in 2023, according to the Institute for Security and Technology.
One attack last month targeted a large health care conglomerate, the Tennessee-based Ardent Health Services. The attack affected 30 hospitals and more than 200 health care sites across six states. The company said it became aware of the breach on Thanksgiving day. 
Because of the breach, a patient scheduled to undergo a heart procedure at an affected health care site in Oklahoma and another scheduled for an annual cancer check at an affected site in Kansas both told CBS News their appointments were suddenly postponed or canceled entirely. 
In New Jersey last month, two hospitals were forced to divert patients headed to their emergency rooms to other facilities, CBS New York reported. Hospital officials said at the time that patient care was not affected, but Jack Danahy, a cybersecurity expert, told CBS New York that cyberattacks like that one “can have a material effect on the provision of care,” adding, “We know with the case of earlier attacks, it can take weeks or months for those systems to come back online.”
—Nicole Sganga contributed reporting.
Emily Mae Czachor is a reporter and news editor at CBSNews.com. She covers breaking news, often focusing on crime and extreme weather. Emily Mae has previously written for outlets including the Los Angeles Times, BuzzFeed and Newsweek.
First published on December 12, 2023 / 3:41 PM EST
© 2023 CBS Interactive Inc. All Rights Reserved.
Copyright ©2023 CBS Interactive Inc. All rights reserved.

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *