The data of over 1 million Central New York (CNY) patients may be at risk following a ransomware attack on London-based healthcare billing company Practice Resources LLC (PRL). According to reports, the data breach exposed the billing records, patients’ names, residential addresses, health plan numbers and treatment dates of over 942,000 patients from 27 hospitals and physician’s offices.
Information about the CNY ransomware attack
The incident took place on April 12, 2022. On discovering the cyberattack, PRL hired an investigation team to secure its systems and find further details about the hacking. The compromised data included billing records of physical therapists, pediatricians, orthopedic surgeons and gynecologists. Practice Resource LLC (PRL) provides billing services to several healthcare entities that amount to nearly $450 million per year.
The impact of the CNY ransomware attack
David Barletta, chief executive officer of Practice Resources, LLC (PRL), confirmed that the cyber-attack did not compromise sensitive data like social security numbers, credit card numbers or private medical information. When asked whether PRL paid the ransom, Barletta said, “Due to the ongoing investigation, we are not allowed to discuss that,” Syracuse.com reported.
On finding out about the cyber attack on June 5, 2022, PRL informed the CNY patients whose Protected Health Information (PHI) and Personally Identifiable Information (PII) were affected. Since hackers may have access to their data, they were urged to stay alert and take preventive measures.
Impacted healthcare entities connected to PRL
Practice Resources, LLC also released a list of CNY healthcare that were impacted due to the data breach.
- Upstate Community Medical, PC
- Tully Physical Therapy
- Syracuse Pediatrics
- Syracuse Gastroenterological Associates, PC
- Syracuse Endoscopy Associates, LLC
- Surgical Care West, PLLC
- Joseph’s Medical
- Soldier’s & Sailors Memorial Hospital – Physician Practices
- Salvation Army
- Orthopedics East, PC
- Nephrology Hypertension Associates of CNY, PC
- Nephrology Associates of Watertown, PC and others.
Precautionary Actions Taken by PRL
To minimize the risk of the patient data being used, the company arranged for the victims for Cyberscout — a cyber protection service. “As an added precaution, we have arranged for Cyberscout (through Identity Force) to provide at least 12 months of free credit monitoring and related services to potentially affected individuals,” stated the company’s official statement addressing the data breach.
The statement also included essential links and details about threat prevention and best practices to report cybercrimes.