East River Medical Imaging (ERMI), a New York-based diagnostic imaging and radiology practice, has reported a substantial data breach that has potentially compromised the sensitive personal information of over 605,000 patients. The breach, which was officially reported to the U.S. Department of Health and Human Services Office for Civil Rights on November 22, 2023, involved unauthorized access to ERMI’s IT network.
The cyberattack, which was first detected as suspicious activity on September 20, 2023, allowed the intruder to access a range of consumer data. This data includes names, Social Security numbers, contact details, insurance particulars, and medical records. Following the completion of an investigation into the breach, ERMI began the process of notifying affected individuals through data breach notification letters.
The breach notification letters are intended to inform recipients about the nature of the data compromised and to provide guidance on protective measures against potential fraud or identity theft. ERMI has also suggested that those affected may wish to consult with a data breach attorney to explore their legal options and learn more about safeguarding their personal information.
While the full details of the breach are still forthcoming, ERMI’s initial filings and website notice titled “Notice of Data Security Incident” shed light on the timeline and scope of the incident. The unauthorized access period spanned from August 31, 2023, to September 20, 2023, during which confidential patient files were exposed.
ERMI’s response to the incident included securing its network systems, notifying appropriate law enforcement agencies, and engaging a third-party cybersecurity firm to determine the extent of the data leakage.
The information accessed during the breach varies by individual, but for patients, it could encompass a wide array of personal and medical details. ERMI employees may also have had their personal and financial information exposed.
In the wake of the incident, ERMI has taken steps to address the breach’s impact and reinforce its data security measures. The practice, established in 1970, is known for providing various imaging services and employs over 122 staff members, generating an estimated $18 million in annual revenue. The data breach at ERMI underscores the critical importance of robust cybersecurity protocols in protecting patient information within the healthcare industry.