by Hoala Greevy Founder CEO of Paubox
Article filed in

New York Oncology Hematology Suffers HIPAA Email Breach

by Hoala Greevy Founder CEO of Paubox

hipaa email breach, hipaa email data breach, paubox hipaa breach report

On November 9, 2018, New York Oncology Hematology submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Based in New York, New York Oncology Hematology’s email breach affected 128,400 individuals’ protected health information.

New York Oncology Hematology is classified as a Healthcare Provider

According to a recent report:

NYOH has determined an unauthorized user may have gained access to several employee email accounts through a series of targeted phishing emails. While NYOH and its partners are not aware of any actual access to or attempted misuse of patient or employee information related to this incident, we continue to take steps to protect our patients and employees’ information.

The phishing emails sent were sophisticated in that they appeared as a legitimate email login page, which convinced the NYOH personnel to enter their user names and passwords. These credentials were then harvested and used by the attackers to gain access to the email accounts, which were typically only accessible for a short period of hours before access was terminated.

NYOH hired an outside forensic firm to conduct a review of the content of the accounts following the phishing attack, which occurred between April 20 and April 27. Following a thorough analysis, on October 1, they determined that one or more of the affected email accounts contained protected health information and other personal information of patients or employees. Patients and employees who joined NYOH after April 27, 2018, are not involved.

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.