Unauthorized third party access at NY hospital caused possible data breach

March 13, 2018//Ellen Neveux

Last Updated: November 18, 2020

St. Peter’s Surgery & Endoscopy Center recently confirmed a possible data breach that could affect 134K individuals. The New York surgery center reports that an unauthorized third party gained access to their servers. The security breach occurred on January 8, 2018, and was immediately discovered.

According to a statement published by the Center, their investigation shows “…no evidence that any patient information was successfully accessed or used in any way.” Although the response team added, “we were unable to definitively rule that out.”

Potentially compromised data may include, “patients’ names, dates of birth, addresses, dates of service, diagnosis codes, procedure codes, insurance information.”

A possible data breach of this scale makes it one of the largest healthcare incidents this year. This reflects the current vulnerability of the healthcare sector. McAfee recently conducted a study researching cyber threats and found that healthcare risk has suffered a massive 211% increase in publicly disclosed security incidents in 2017.

It’s clear healthcare is a target.

McAfee’s Lead Scientist and Senior Principal Engineer, Christiaan Beek, said in a release about the study, “Healthcare is a valuable target for cybercriminals who have set aside ethics in favor of profits.” Beek continues, “Our research uncovered classic software failures and security issues such as hardcoded embedded passwords, remote code execution, unsigned firmware, and more. Both health care organizations and developers creating software for their use must be more vigilant in ensuring they are up to date on security best practices.”

Controlling partner access.

Security experts agree that healthcare is vulnerable when it comes to data protection. Bad actors will try to find any weak spot, that’s why it’s critical that healthcare IT professionals shore up commonly exploited entry points – most notably, third parties with network access. Network managers must be able to securely manage, authenticate, and monitor all users.

When a healthcare system doesn’t have a secure method to manage third-party remote access, risks to the network increase. The best way to mitigate these risks is to implement policies and tools that support multi-factor authentication, strict access controls, and a comprehensive audit of network activity.

SecureLink is trusted by the nation’s top healthcare systems and medical technology providers to deliver a secure and fast connection for third-party remote access. If you’d like to see how our solution will reduce your exposure, let us show you a demo.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

close close