Bronx Lebanon Hospital Center in New York City was breached exposing the medical records of thousands.
How many victims? At least 7,000
What type of information? The breach disclosed patients’ mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports along with names, home address, addiction history and religious affiliation.
What happened?The actual length of time the records were left exposed is not known, but it is believed anyone who was a patient at the hospital between 2014 and 2017 a misconfigured Rsync backup server hosted by the third-party records management vendor iHealth Solutions was left susceptible to a hacker.
What was the response? Ihealth reported the breach to Bronx Lebanon and took steps to lock down the server and protect the data to include hiring a security firm to handle the problem. According to a news report, only iHealth said it does not believe the data has been misused.
Quote: “Ihealth confirmed to Bronx-Lebanon Hospital Center that an iHealth server containing hospital data was the target of an unauthorized hack by a third party. The hospital and its vendor, iHealth, took immediate steps to protect the data,” the hospital said in a statement to NBC news.