New York Mental Health Research Records Breached

The New York State Psychiatric Institute (NYSPI) is notifying more than 20,000 research participants that their protected health information (PHI) may have been breached in a hacking incident earlier this year.

Unauthorized individuals accessed parts of NYSPI’s computer systems between April 28 and May 4, but the intrusion wasn’t discovered until June 17. The breach affected 21,880 individuals, according to the Office for Civil Rights’ “Wall of Shame.” Records stored on the affected systems contain detailed PHI such as:

• Addresses and email addresses
• Driver’s license or state ID numbers
• Health-related information from interviews and questionnaires
• Names
• School information
• Social Security numbers

NYSPI is owned and operated by the New York State Office of Mental Health (OMH). OMH is working with law enforcement and a forensic IT firm to discover the source and cause of the breach and improve security safeguards to prevent similar attacks. OMH is offering affected individuals a 12-month subscription to identity protection services.