PHI at risk for nearly 100,000 radiology clinic patients

A radiology practice in Long Island has informed 97,000 patients of a data breach involving their personal information.

In a recent letter sent to each of the patients, NRAD Medical Associates of Garden City, New York, said that the practice has learned that one of its radiologists "accessed and acquired protected health information from NRAD's billing system without authorization."

A spokesperson for NRAD told Newsday that the radiologist no longer works at the practice and has been reported to authorities. The Nassau Country District Attorney's Office, as well as the Nassau police, are investigating the incident, according to Newsday. In addition, NRAD said that it has implemented enhanced security measures.

The accessed information included names and addresses, dates of birth, Social Security numbers and health insurance information, including diagnosis and procedure codes. NRAD told the affected patients that there is no evidence that any of the information has been disclosed or used by third parties or that any financial information was accessed.

According to NRAD, the 97,000 patients affected by the breach represent approximately 12 percent of the more than 800,000 patients it has treated over the last 20 years.

This is just one of several breaches reported recently across the U.S. This past week, for instance, the Montana Department of Public Health and Human Services announced that hackers had gained access to a computer server linked to the department, compromising the personal health information of about 1.3 million people. And earlier this month, a thumb drive containing more than 33,700 patient records was stolen from an outpatient radiology facility in Santa Rosa, California.

In May 2013, a silver-mining scam put protected health information for more than 17,000 patients of an orthopaedic clinic in North Carolina at risk.

To learn more:
- see the letter from NRAD (.pdf)
- read the article in Newsday