Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

1 min read

New York Oncology Hematology suffers HIPAA email breach

New York Oncology Hematology suffers HIPAA email breach

On November 9, 2018, New York Oncology Hematology submitted a  HIPAA Email Breach to the  U.S. Department of Health and Human Services (HHS). Based in New York, New York Oncology Hematology's email breach affected 128,400 individuals’  protected health information. New York Oncology Hematology is classified as a Healthcare Provider. According to a recent report:

NYOH has determined an unauthorized user may have gained access to several employee email accounts through a series of targeted phishing emails. While NYOH and its partners are not aware of any actual access to or attempted misuse of patient or employee information related to this incident, we continue to take steps to protect our patients and employees’ information.

The phishing emails sent were sophisticated in that they appeared as a legitimate email login page, which convinced the NYOH personnel to enter their user names and passwords. These credentials were then harvested and used by the attackers to gain access to the email accounts, which were typically only accessible for a short period of hours before access was terminated. NYOH hired an outside forensic firm to conduct a review of the content of the accounts following the phishing attack, which occurred between April 20 and April 27. Following a thorough analysis, on October 1, they determined that one or more of the affected email accounts contained protected health information and other personal information of patients or employees. Patients and employees who joined NYOH after April 27, 2018, are not involved.

 

HHS Wall of Shame

The  HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured  protected health information affecting 500 or more individuals.

 

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals, as reported in the HHS Wall of Shame.

 

Try Paubox Email Suite for FREE today.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.