Join our brand new verified AMN Telegram channel and get important news uncensored!

Hackers may have breached medical billing records of nearly 1 million NY patients

Hackers (Wikimedia Commons/Released)
September 01, 2022

The medical billing records of nearly 1 million Central New York patients may have been obtained by hackers.

Practice Resources LLC, a company that provides billing services for dozens of hospitals and medical providers, said hackers may have obtained names, home address, dates of treatment and internal account numbers of more than 924,000 patients.

ALERT: Americans are getting supersonic air travel – here’s the jet you’ll fly in

No private medical information, credit card numbers or Social Security numbers were exposed, said David Barletta, chief executive officer of Practice Resources. Practice Resources’ required public notice said there was “no evidence that information was misused as a result of this incident.” The company is providing for free a year of online cybersecurity protection for all affected patients.

Practice Resources bills about $450 million annually for its clients, Barletta said. The data breach affected the records of patients of at least 28 Central New York medical providers, including bedrock institutions like St. Joseph’s, Crouse and Upstate Community hospitals; the Salvation Army; and the sprawling Family Care Medical Group. (See full list below.)

The breach also includes billing records of physical therapists, pediatricians, gynecologists and orthopedic surgeons.

Family Care Medical Group lost all of its laboratory data and had to shut down its lab for months while rebuilding the computer system, said the group’s chief executive officer, Dr. Mitchell Brodey. Lab work was sent to another laboratory in the meantime.

“We just reopened a week ago,” Brodey said.

Family Care is owned by the same doctors group that owns Practice Resources.

The billing company was hit by a ransomware attack in April, and it took months to determine which patient accounts had been accessed. In a ransomware attack, hackers lock down or hide information in a computer system and demand a ransom to release it.

Barletta said he could not say whether Practice Resources paid a ransom to free the data.

“Due to the ongoing investigation, we’re not allowed to discuss that,” he said.

Barletta said Practice Resources hired a forensic team to scout patient data and see what might have been taken.

“There was no evidence that any patient information was accessed, including Social Security numbers,” he said.

Barletta said the state Attorney General’s office is investigating the hacking and whether Practice Resources’ data security was adequate. Wegmans supermarket chain was recently fined $400,000 by the attorney general’s office for lax cloud storage that exposed the data of more than 3 million customers.

The Practice Resources breach happened April 12, but patients are just now receiving letters. Barletta said the forensic investigation was time-consuming, and figuring out which patients’ accounts had been hacked, and contacting each medical practice, took months.

If you haven’t received a letter but think your data might be at risk, you can call 1-866-667-1465, from 8 a.m. to 8 p.m. weekdays.

The Syracuse City School District and Onondaga County Public Library were hit by ransomware attacks in 2019. It took weeks to restore the systems.

Here’s the list of medical providers whose patients’ records might have been affected by the Practice Resources breach:

Achieve Physical Therapy, PC

CNY Obstetrics and Gynecology, P.C.

Community Memorial Hospital, Inc

Crouse Health Hospital, Inc

Crouse Medical Practice PLLC

Family Care Medical Group, PC

Fitness Forum Physical Therapy, PC

FLH Medical PC

Guidone Physical Therapy, PC

Hamilton Orthopedic Surgery & Sports Medicine

Helendale Dermatological and Medical Spa, PLLC

Kudos Medical, PLLC

Laboratory Alliance of Central New York, LLC

Liverpool Physical Therapy, PC

Michael J Paciorek, MD PC

Nephrology Associates of Watertown, PC

Nephrology Hypertension Associates of CNY, PC

Orthopedics East, PC

Salvation Army

Soldiers & Sailors Memorial Hospital—Physician Practices

St. Joseph’s Medical

Surgical Care West, PLLC

Syracuse Endoscopy Associates, LLC

Syracuse Gastroenterological Associates, PC

Syracuse Pediatrics

Tully Physical Therapy

Upstate Community Medical, PC


© 2022 Advance Local Media LLC

Distributed by Tribune Content Agency, LLC.