NRAD suffered PHI data breach

June 27th, 2014 by admin Leave a reply »

NRAD medical associates situated in Garden City, New York suffered data breach due to unauthorized access of the data by one of its employee. NRAD has informed around 97,000 patients which were affected by this breach. According to the reports, internal employee accessed protected health information (PHI) and patient billing data back in April 2014. Information included date of birth, address, Social Security number, and health insurance information.

The employee working as radiologist was able to pass IT security safeguards in place and accessed information. NRAD said that it “immediately enhanced security measures” and doesn’t believe any of the compromised data was used maliciously. “We believe there is very low risk from this event and the data breach has been contained. We have no evidence that any customer financial or credit card information was involved,” the organization said, according to the report. They do not indicate when the breach occurred or how it was discovered.

In response to the discovery, NRAD “immediately implemented enhanced security measures,” and recommended that patients contact one of the three major credit bureaus to place a fraud alert on credit reports. In the FAQ, they state that the radiologist is “no longer employed at the practice and his misconduct was reported to the appropriate authorities and government agencies for investigation.” The breach was also reported to HHS.

According to the NRAD:

In terms of the scope of the breach, NRAD reports that it affects approximately 97,000 current and former patients, which they state is approximately 12% of the more than 800,000 patients they have treated over the past 20 years. It was not clear from their letter whether all 800,000 current and former patients’ information was still in their billing system (and if so, why).

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Leave a Reply