Breach impacts 63,551 patients of NY physician group

Information for 63,551 patients for Middletown Medical, a multispecialty physician group in Middletown, New York, was exposed due to a misconfigured security setting on a radiology interface.

The facility reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights on March 29 after discovering the electronic medical record breach January 29.

Protected health information exposed included names, client identification numbers, confirmation that radiology services had been received by patients, and the corresponding dates of service, according to the HIPAA Journal. Additionally, radiology images, reports, and diagnosis codes were exposed for certain patients.

All patients who were impacted by the breach have been offered 12 months of identity theft recovery services. Middletown Medical is now reviewing its policies to ensure its systems are secure. This case is a reminder for organizations of the importance of securing information systems and interfaces to ensure patient privacy.