Med Associates hit by hack, data of 270,000 compromised

Register now

Med Associates, a vendor offering claims processing services for providers in the Albany region of New York, recently notified as many as 270,000 individuals about a data breach after a computer was hacked.

The company discovered that a third party had accessed the computer remotely after an associate noticed that another user was logged into her workstation.

Also See: Rising number of shadow devices leaves networks vulnerable

Consequently, Med Associates is offering one year of credit monitoring and identity restoration services from TransUnion to patients with compromised personal information, even though the most sensitive data, such as banking details and full Social Security numbers, were not compromised.

Med Associates, however, decided to provide the services from TransUnion because partial health insurance ID numbers were compromised, says Cathy Alvey, president, noting that some health insurance companies use Social Security numbers as a component of enrollees’ insurance ID numbers.

“With knowledge of this fact, we felt it was important to offer this service,” she told Health Data Management. “Despite our significant efforts to protect the data we have here, this incident occurred. We want to ensure we do everything we can to mitigate the potential impact this could have on our clients and their patients, so this service is being offered to all potentially impacted individuals.”

Med Associates has cyber security insurance, and Alvey urges all healthcare stakeholders get it. The insurer put Med Associates in touch with a specialized legal team to help investigate the breach and notify patients. As Alvey explains, “For a local business the size of ours, the process of obtaining and paying for these resources on our own would have been extremely difficult. This type of insurance is essential for anyone in the healthcare arena.”

For reprint and licensing requests for this article, click here.