Faraci Lange is currently investigating consumer protection claims against New York Oncology Hematology, a health care provider based in Albany, which recently notified more than 128,400 of its employees and patients of a data breach that occurred within the organization earlier this year.
According to a statement released by the NYOH, a phishing cyberattack was discovered in April that allowed hackers to gain access to fifteen employee email accounts. These email accounts potentially contained sensitive information of NYOH’s current and former patients and employees.
Phishing is a method of cyberattack which involves sending a fraudulent email intended to deceive the recipient into believing it is from a legitimate source.
In this case, NYOH employees were sent a series of phishing emails by which they were convinced to enter their email usernames and passwords on what appeared to be a legitimate login web-page. This allowed hackers to collect these employee credentials and ultimately use them to gain access to the email accounts.
Between April 20th and April 27th of this year, cyber-attackers accessed fifteen of the organization’s email accounts. These email accounts were, “typically only accessible for a short period of hours before access was terminated by our IT vendor,” according to the NYOH’s statement.
Once the data breach was discovered, NYOH’s IT team took steps to reset user passwords in order to shut down the unauthorized access and a forensic firm was hired to conduct a review of the content of the accounts.
According to the forensic team’s analysis, the data breach may have exposed names, dates of birth, home addresses, email addresses, insurance information, as well as medical information such as test results, diagnostic codes, account numbers, and service dates of current and former NYOH patients and employees. Social security and driver’s license numbers may also be at risk in a limited capacity.
NYOH patients and employees were sent letters in November notifying them of the data breach.