New York’s Brooklyn Hospital Center has provided notice of a recent data security incident that may affect the security of personal information in their care.
Although no evidence of actual or attempted exfiltration of patient information has yet been uncovered, the health centre says it has been unable to recover certain data related to specific patients. Therefore, a notification has gone out to patients detailing the data incident, and what recovery steps have been taken since the discovery of this event.
In late July 2019, the hospital became aware of unusual activity relating to certain servers. An investigation was subsequently launched, which included working with a leading third-party forensic investigation firm, to determine the full nature and scope of the incident.
Through this investigation, the hospital determined that a malware that encrypted certain systems had disrupted the operation of certain systems; the investigation found no evidence that data was actually accessed or acquired by an unauthorized party.
On September 4, 2019, the investigation confirmed that due to the malware, and despite exhaustive efforts to recover the data, certain patient data was unrecoverable. While recovery efforts are ongoing, based on this determination, hospital officials are reviewing patient data that may be potentially impacted by this event and taking steps to notify those individuals whose records may no longer be available.
To date, the hospital says it is unaware of any actual or attempted access to or misuse of medical or personal information.
The unrecoverable information may include patient name and certain cardiac or dental images. As stated, there is no evidence to date of actual or attempted access to, acquisition of, or misuse of any medical or personal information related to this incident.
The hospital says it is reviewing policies and procedures relating to data security and is taking steps to enhance existing security protocols.
The post #Privacy: Brooklyn hospital issues notice of data breach appeared first on PrivSec Report.