Four Winds Hospital, Westchester County
Breach Type –
Unknown, Ransomware
Data Breaches
November 23rd, 2020
-
The hospital was victim to a ransomware attack that denied access to hospital systems
-
The attack was learned of September 1st and prompted notifying Federal Law Enforcement and NYS
-
Sensitive information and private patient information was accessed by bad actors
Read More
Wyckoff Heights Medical Center, Kings County
Breach Type –
Unknown, Ransomware
Digital Journal
November 2nd, 2020
-
Hospital was victim of Ryuk ransomware cyberattack
-
Healthcare provider was one of several victims in a spree of attacks
-
Officials disabled their network in an attempt to mitigate the damage
Read More
Oswego health, Oswego county
Breach Type –
Unknown, Data Breach
Oswego County News Now
October 13th, 2020
-
Bad actors were potentially able to gain access to employee email account between June 11th and June 15th
-
Official statement did not state how or when potential leak was discovered
-
Exposed emails contained potentially sensitive information regarding patients
Read More
Century Specialty Script, Westchester County
Breach Type –
Phishing, Data Breach
Data Breaches
September 26th, 2020
-
Specialized pharmacy in New York released public statement stating that potential exposure may have occurred
-
According to public release exposure was caused through exploit in office 365 Microsoft account
-
Bad actors may have been able to gain access to sensitive information
Read More
Catholic Health, Erie County
Breach Type –
Unknown, Data Breach
WIVB 4
September 1st, 2020
-
Catholic Health was among 3 million healthcare providers serviced by Blackbaud
-
Blackbaud had been victim of massive data breach
-
Information included names, medical record numbers, and dates of service among others
Read More
Memorial Sloan Kettering Cancer Center, Manhattan Borough
Breach Type –
Unknown, Data Breach
ABC 7
September 15th, 2020
-
Third-party vendor was victim of data breach, affected healthcare providers
-
Officials believed credit card, social security, and bank information remained safe
-
Outside IT personnel were contacted to assist with investigation
Read More
Montefiore Medical Center, Bronx Borough
Breach Type –
Unknown, Data Breach
PR Newswire
September 14th, 2020
-
Third-party vendor was victim of cyberattack, affecting healthcare provider
-
Officials reassured patients that only vendor's database had been hit
-
Healthcare center established dedicated call center to assist affected patients
Read More
Samaritan Medical Center, Jefferson County
Breach Type –
Unknown, Malware
WWNY 7 News
July 27th, 2020
-
Staff have to resort to using both pen and paper in the medical center following a server shutdown due to potential security indecent
-
The hospital is still caring for patients despite the lack of servers although some appointments were postponed
-
No patient transfers were able to be completed due to the lack of information on databases
Read More
WWNY 7 News
August 7th, 2020
-
Computer systems were restored following the attack
-
It has not been publicly released whether or not the attack was ransomware based
-
A third of the 1,400 computers have been check and restored back to functional operations
Read More
Becker's Hospital Review
September 9th, 2020
-
The hospital was taken offline following the attack and prompted both restorations and investigations of the servers
-
Third party professionals were brought in to assist with restoration processes
-
Patients are still being seen and are advised to bring their own medication lists for appointments
Read More
Boyce Technologies, Queens Borough
Breach Type –
Unknown, Ransomware
Cointelegraph
August 7th, 2020
-
Bad actors threatened to leak data following ransomware cyberattack
-
Officials believed that due to the nature of the attack the setback could cost lives
-
Medical company did not disclose the extend of the attack
Read More
Samaritan Medical Center, Jefferson County
Breach Type –
Unknown, Malware
WWNY 7 News
July 27th, 2020
-
Healthcare center hit in malware cyberattack, forced to utilize pen and paper notes
-
Both the FBI and US Department of Homeland Security were notified of the cyberattack
-
Hospital continued to take patients, damage caused was minimal
Read More
Oswego Health, Oswego County
Breach Type –
Phishing, Other
Becker's Hospital Review
June 17th, 2020
-
Healthcare provider launched investigation following phishing attempt
-
Employee email account was fraudulently accessed by bad actor
-
Officials confirmed hacked account had been re-secured
Read More
National Eating Disorders Association (NEDA), New York County
Breach Type –
Unknown, Ransomware
Medium
April 1st, 2020
-
Bad actors threatened release of data following cyberattack
-
Non-profit organization was latest victim of ransomware
-
Sensitive data was leaked several days later
Read More
East House, Monroe County
Breach Type -
Phishing, Data Breach
PR News Wire
February 17th, 2020
-
East house is alerting public of potential data misuse in recent suspicious activity
-
An employee email was accessed potentially exposing several employees' sensitive private information
-
Following event East house is informing staff on preventative measures to avoid future reoccurrences
Read More
Personal-Touch Home Care, Nassau County
Breach Type -
Unknown, Ransomware
Beckers Hospital Review
February 27th, 2020
-
Over 157,000 patients had information exposed
-
Ransomware used by bad actors to steal private information
-
Third party IT firm and federal law enforcement assisted
Read More
Jordan Health, Monroe County
Breach Type -
Unknown, Ransomware
Rochester First
February 28th, 2020
-
Health center was victim of ransomware cyberattack
-
FBI and others helped investigate attack and restore system
-
Officials believed patient information wasn't leaked
Read More
Health Quest; Lagrangeville, Dutchess County
Breach Type –
Phishing, Data Breach
Becker’s Hospital Review
January 13th, 2020
-
Numerous employees were victim of phishing cyberattack
-
Employees provided credentials to fraudulent entity
-
IT officials secured affected email accounts following attack
Read More
Brooklyn Hospital Center, Kings County
Breach Type –
Unknown, Ransomware
Bleeping Computer
November 5th, 2019
-
Ransomware attack caused permanent data loss at Brooklyn Hospital
-
Officials believed that data was not stolen from their system and was only removed
-
Notification to patients indicated that hospital did not have appropriate backup systems
Read More
Adirondack Health, Franklin County
Breach Type - Hacking, Data Breach
Health IT Security
July 16th, 2019
- 25,000 patients have been notified following an attack potentially exposing sensitive information
- A hacker had gained access to an email account allowing them to view protected information of one email containing medical information
- It does not seem to originate from a phishing attack and instead accessed from an outside remote attack
Read More
Olean Medical Group, Cattaraugus County
Breach Type - Unknown, Ransomware
Olean Times Herald
June 17th, 2019
- It was discovered that 40,000 patients were not exposed following a hack
- The group remains actively practicing, simply resorting to pen and paper as systems are restored
- The attack was compared to a terrorist attack as hackers sought out an large sum in order to supposedly restore files
Read More
Episcopal Health Services, Queens County
Breach Type - Phishing, Data Breach
Data Breaches
May 10th, 2019
- There had been suspicious email activity in employee’s email accounts
- Third party investigators assisted investigations finding that the accounts had been accessed
- Some sensitive patient information had been exposed due to the compromised email accounts
Read More
DePaul’s Behavioral Health Program, Erie County
Breach Type - Phishing, Data Breach
Democrat and Chronicle
March 30th, 2019
- There was a data breach found that had left some patients exposed
- Over 40,000 emails were examined due to this phishing scam
- There was a percentage of emails that contained sensitive patient information
Read More
Elizabethtown Community Hospital, Essex County
Breach Type - Phishing, Data Breach
Data Breaches
December 17th, 2018
- Employee’s email account was remotely accessed by an unauthorized user
- Incident did not affect the hospital’s computer networks or electronic medical records
- Compromised account contained sensitive medical information of patients
- Patients’ data potentially compromised
Read More
Episcopal Health Services, Queens County
Breach Type - Phishing, Data Breach
Data Breaches
November 16th, 2018
- Email accounts subject to unauthorized access for 2 months
- Third party forensic investigators thoroughly inspected the suspicious activity
- The accounts involved contained protected health information and financial information
Read More
New York Oncology Hematology, Albany County
Breach Type - Phishing, Data Breach
Times Union
November 16th, 2018
- Health insurance records for more than 128,000 patients and workers potentially stolen by hackers
- New York Oncology Hematology reported that staff fell victim to phishing attack
- Cyber attack occurred in April and no evidence has surfaced that personal data was accessed or misused
Read More
Med Associates, Inc. - Albany Co.
Breach Type - Hack
WHEC
June 15th, 2018
- Med Associates discovered unusual activity at workstation
- Hackers accessed the workstation & potentially compromised PHI
- Med Associates worked to notify patients & offered identity protection services
Read More
Middletown Medical, Orange County
Breach Type - Other/Vulnerability, Data Breach
Record Online
March 29th, 2018
- Security setting in radiology interference allowed access to electronic patient information
- Middletown Medical acted to prevent further unauthorized access
- Notified potentially affected individuals and offered one year of identity protection services
Read More
Finger Lakes Health
Breach Type - Ransomware
WHEC
March 20th, 2018
- Hackers demand ransom to decrypt files of Finger Lakes Health NY
- No evidence of compromised patient/staff data has surfaced
- Employees have emergency plan for cyber attacks
- Daily tasks completed manually
Read More
St. Peter's Hospital
Breach Type - Hack
timesunion
March 2nd, 2018
- Malware installed on St. Peter's servers
- Second largest breach of NY since 2016 hits St. Peter's Hospital
- Hackers potentially compromised medical records of 135,000 patients
Read More
Jones Memorial Hospital
Breach Type - Hack
WIBV
December 27th, 2017
- Experienced unexpected downtime due to cyber attack
- Manually entering information into patient charts
- No patient data is believed to be compromised
Read More
SC Magazine
December 28th, 2017
- Jones Memorial rendered a limited number of information services inoperable
- Working with University of Rochester, Noyes Health & St. James Mercy Hospital to restore systems
Read More
EHR Intelligence
January 9th, 2018
- Systems back online after two weeks of E.H.R. downtime
- Evaluating and updating security measures to prevent future attacks
Read More
Pharmacy Innovations
Breach Type - Hack
Biz Journals
December 26th, 2017
- Hack leads to breached data of more than 1,200 patients
- Pharmacy Innovations was the 4th health data breach for NY in 2017
- Case under investigation by the Office for Civil Rights
Read More
Kaleida Health
Breach Type - Phishing
Healthcare IT News
August 31st, 2017
- Kaleida Health employee falls victim to phishing scheme
- Private data of 744 individuals potentially affected
- Kaleida offering free credit monitoring
- As a result of multiple data breaches, Kaleida working to improve cyber security
Read More
Erie County Medical Center
Breach Type - Ransomware
Buffalo News
April 9th, 2017
- Ransomware attack causes computer system disruption
- Affected the medical center's ability to provide medical treatment
- ECMC refused to pay ransom
- Restoring systems with help of IT staff
Read More
Metropolitan Jewish Health System
Breach Type - Phishing
Data Breaches
April 5th, 2016
- Employees falls victim to spear phishing scheme
- Some patient data left available to hacker
- Notified patients about the phishing scam & established a security hotline
- Health system reinforcing dangers of phishing to staff
Read More
BACK TO TOP