Yale New Haven Health has reported that a March data breach affected more than 5 million people. The health system said 5,556,702 people were impacted by the cyberattack in a report to the Health and Human Services' Office for Civil Rights' data breach portal on April 11.
The Connecticut-based nonprofit health system first noticed unusual activity affecting its IT systems in early March. Using assistance from external cybersecurity experts, the system's investigation determined that an unauthorized third party gained access to its network and obtained copies of certain data.
"At no point did this incident impact our ability to provide patient care," the system wrote.
WHAT'S THE IMPACT
The information that was compromised varied by patient, Yale New Haven said, but may have included name and date of birth, address and phone number, Social Security number, and race or ethnicity.
The system maintained that neither its electronic medical record nor its treatment information was accessed, nor was any financial account or payment information.
Yale New Haven began mailing out notices to patients on April 14, and while the system is not aware of any information being used for the purposes of fraud or identity theft, it's offering free credit monitoring and identity protection services to anyone whose Social Security number was involved.
However, as reported by the Hartford Business Journal, two federal lawsuits were filed this month by patients who said they were harmed by the data breach. According to the lawsuits, the health system "failed to properly secure and safeguard" personally identifiable information and personal health information.
Yale New Haven has "done nothing to provide … relief for the damages they have suffered," according to the lawsuits.
The health system said it doesn't comment on pending litigation, but said in its notice, "We take our responsibility to safeguard patient information incredibly seriously, and we deeply regret any concern this incident may have caused."
THE LARGER TREND
A KnowBe4 report published in June showed that a surge in cyberattacks contributed to a steep rise in cyberattack costs for healthcare organizations, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks.
Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.
Jeff Lagasse is editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.