The Catholic Charities of the Diocese of Albany (CCDA) was upgrading its computer security software last August when a technician discovered malware installed on one of its servers. The Glens Falls office uses the infected server to serve patients in Saratoga, Warren and Washington Counties in New York.
The technician quickly blocked access to the server, and a computer security firm was brought in to investigate the unauthorized access. The investigation lasted several weeks and found that access to the server had started back in 2015.
Even though the malware had been on the server for a long time, there seems to be no evidence that the patients’ protected health information had been stolen or accessed. The analysts said that the server contained the protected health information of 4,624 patients. The information that could have been stolen includes the patients’ names, dates of birth, addresses, diagnosis codes, dates of service, health insurance IDs and Social Security numbers. Financial details and treatment status were not stored on the server; they are kept elsewhere, where the hackers could not reach them.
In compliance with HIPAA Rules, CCDA reported the incident to law enforcement, the Division of Consumer Protection, the Department of Health and Human Services’ Office for Civil Rights and the state Attorney General. CCDA also sent individual patients notification letters about the breach, along with an offer of free identity theft protection and credit monitoring services for 12 months.
CCDA improved the security features of its servers to prevent future malware attacks and protect private information. Despite such efforts, Sister Charla Commins, Executive Director of Catholic Charities of Saratoga, Warren and Washington Counties, expressed concern that breaches can still happen. She also apologized for the inconvenience this may cause to both patients and staff.