NEW YORK (1010 WINS/WCBS 880) – A vendor for Northwell Health, New York’s largest health care system, was the target of a cyberattack earlier this year that compromised patient data.
The attack targeted Perry Johnson & Associates, a Nevada-based company that does transcription services.
According to PJ&A, hackers gained unauthorized access to the system sometime between March and May, and the unauthorized access to patient data occurred in April.
PJ&A informed Northwell Health of the breach on July 21, and were aware of the full scope of the cyberattack’s impact on Northwell patients on Sept. 28, according to a letter from PJ&A explaining the "cyber incident."
The data compromised includes patient names, birthdays, social security numbers, diagnoses, test results and the names of doctors and healthcare providers.
Bree Fowler, a senior writer for CNET who covers cybersecurity, told 1010 WINS/WCBS 880 that these attacks aren’t uncommon due to a lower standard of regulation for third-party companies than hospitals.
“What consumers have to do in this case is be really wary of any kind of communication they might get from what appears to be Northwell Health, a doctor,” Fowler said when asked how people can protect themselves.
A draft statement from Northwell Health initially stated that four million patients were impacted, but the provider is no longer confirming any number.
A spokeswoman for Northwell Health told 1010 WINS/WCBS 880 that none of their systems were impacted, but that the provider is offering all patients complimentary ID theft protection services.