Hoboken Radiology reveals breach of imaging server that began in 2019
Hoboken Radiology LLC in New Jersey issued a press release yesterday about an incident that began in June, 2019. The full text of the release is below the separator. DataBreaches.net has sent an inquiry to the practice asking them who informed them in November — was it law enforcement, a vendor, a researcher, or their own internal monitoring system? And how many patients are being notified? DataBreaches.net will update if more details are shared.
Updated June 11: This was reported to HHS as impacting 80,000 patients.
HOBOKEN, N.J., May 28, 2021 /PRNewswire/ — Hoboken Radiology LLC (“Hoboken“) today is providing information about a recent event that may impact the privacy of some personal data related to current and former patients. Like many other medical providers, hospitals, and government agencies, Hoboken has unfortunately been the victim of unauthorized access to its imaging server.
What Happened? On November 3, 2020, Hoboken was informed of potentially suspicious activity involving its medical imaging server. Hoboken began investigating the activity with the assistance of third-party computer forensic specialists to determine if there had been any unauthorized access to its systems. That investigation is ongoing, but identified unauthorized connections between June 2, 2019 and December 1, 2020. The server on which suspicious activity was identified contained records related to Hoboken’s patients. Therefore, in an abundance of caution, Hoboken is notifying patients that some of their information may have been at risk. The identified server does not contain patient payment card or other financial or insurance information.
What Information Was Involved? The information contained on the server which may have been impacted by this incident included name, gender, date of birth, treatment date, referring physician, patient ID number, accession number, and image and description of image. The information at risk did not include any individual Social Security numbers, payment card or financial information, or medical insurance information. Hoboken has no evidence any information was subject to actual or attempted misuse.
What Hoboken Is Doing. Hoboken takes this incident and the security of personal information seriously. Upon discovery, Hoboken immediately launched an investigation and took steps to secure its systems and investigate activity. Hoboken worked diligently to investigate and respond to this incident and to identify and notify potentially impacted individuals. Hoboken is also reviewing and enhancing existing policies, procedures, and processes related to storage of and access to personal information. Hoboken is notifying potentially impacted individuals so that they may take further steps to best protect their information, should they feel it is appropriate to do so. Hoboken is also reporting this incident to relevant state and federal regulators as required.
What You Can Do. While Hoboken has no evidence that any personal information was subject to actual or attempted misuse, it encourages anyone who thinks their information may have been impacted to monitor financial accounts and notify their bank immediately if they detect unauthorized or unusual activity. You can also review the below Steps You Can Take to Help Protect Your Information.
For more information. If there are additional questions, Hoboken can be reached at 201-469-0550, via email to [email protected] or at 79 Hudson Street, Hoboken NJ, 07030.
The trust of our patients in Hoboken and its clinicians and staff are of the greatest importance to us, and we regret having to inform you that an incident such as this has occurred.
Steps You Can Take to Help Protect Your Information
Hoboken encourages potentially impacted individuals to remain vigilant, to review your account statements, and to monitor your credit reports for suspicious activity. Under U.S. law, individuals with credit reports are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report. The credit reporting agencies may be contacted as follows:
You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.
The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC or your state’s Attorney General.
SOURCE Hoboken Radiology LLC