PHI of Specialty Surgery Center of Central New York and Advocate Lutheran General Hospital Patients Possibly Compromised

Syracuse ASC, doing business as Specialty Surgery Center of Central New York, has begun informing 24,891 patients regarding unauthorized individuals who got access to its computer network and potentially viewed some of their protected health information (PHI).

Syracuse ASC discovered the breach around March 31, 2021, and immediately took steps to protect its systems and stop continuing unauthorized access. A forensic investigation went underway with the help of a third-party cybersecurity company. It concluded on April 30, 2021 and the investigators confirmed that the hackers got access to sections of its systems where PHI was located.

Another investigation was done to find out the persons whose PHI had been compromised. A listing of persons possibly impacted by the incident was available on August 16, 2021. The issuance of notifications was delayed because of a tedious data validation process to confirm the correctness of the information.

The file analysis affirmed that names might have been exposed together with some health data, however, there is no proof found that suggests the actual or attempted improper use of information on the exposed systems.

Syracuse ASC already took several steps to strengthen IT security to avoid more data breaches, which include updating its antivirus software program and changing provider, locking down external web pages, putting warning signs to emails coming from outside sources, reconfiguring routers and closing ports and services that are unused, separating the guest Wi-Fi network, upgrading switches, firewalls and operating systems on work stations, and giving additional security awareness training to the employees.

Advocate Lutheran General Hospital Computer That Contains PHI Stolen

A laptop computer that contains the PHI of Advocate Lutheran General Hospital patients in Park Ridge, IL was stolen.

The computer was taken from the hospital around September 22 at 3:30 pm and September 24, 2021 at 06:30 a.m. Upon knowledge of the computer theft, systems and procedures were put in place to safeguard patient information and the laptop computer was wirelessly de-activated; nevertheless, it is probable that in the brief window of opportunity, the thief could have viewed the information saved on the device. The hospital stated it did not find any proof to suggest the compromise of patient data.

About Christine Garcia 1303 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at