East River Medical Imaging recently sent out notices to 605,809 patients concerning a breach in September.
According to a patient notice posted on its website, on September 20, 2023, the New York medical practice identified suspicious activity within its IT network.
We immediately initiated our incident response process, began an investigation with the assistance of a cybersecurity firm, and notified law enforcement. The investigation determined that an unauthorized party accessed our network and, between August 31, 2023 and September 20, 2023, accessed and/or copied some documents on the system.
The documents involved in this incident contained information that varied by individual. For any patient. it might have included name, contact information, health insurance information, exam and/or procedure information, referring physician, imaging results, and/or Social Security number.
For employees, the information included names, contact information, financial account information, Social Security number, and/or driver’s license number.
The full notice can be found on ERMI’s website. The 605,809 figure is what was reported to HHS for the number of patients affected. It does not include the number of employees affected, unless employees were also patients of the practice.