DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Apex Laboratory notified by law enforcement of system compromise in July; notifying patients

Posted on September 27, 2012 by Dissent

A reader sent me a link to a breach notice that a relative had received from  Apex Laboratory on Long Island. I’m reproducing the contents below:

Apex Laboratory, Inc.
110 Central Ave – Farmingdale, NY 11735

RE: Important Security and Protection Notification.
Please Read This Entire Letter.
Dear Valued Clients of Apex Laboratory, Inc.,

We are writing to let you know that on July 30, 2012, Apex Laboratory, Inc. was informed by law enforcement investigators that an unauthorized individual(s) recently gained access to one of our computer systems and viewed certain personal information about a number of our patients.  At the request of law enforcement this notification was not immediately sent so as not to compromise their investigatory efforts. The system which was accessed contained names, addresses, phone numbers, dates of birth, gender, social security numbers, and insurance identification numbers. We do not believe that any information pertaining to any of our patients’ health conditions or treatments was viewed by anyone without proper authorization.

While we believe that only a small percentage of our patients’ records were accessed by the unauthorized individual(s), we are providing this notice to all of our patients whose social security numbers are maintained on the system that was accessed. Although we currently have no reason to believe that information from our system has been misused, we want to inform you of the incident and let you know what steps you can take to protect yourself from fraud and identity theft.

As a precaution, we recommend that you contact the IRS Identity Protection Specialized Unit at 1-800-908-4490 where they will secure your account against possible fraudulent income tax returns. We also recommend that you place a fraud alert on your consumer credit file. A fraud alert lets potential creditors who access your credit file know to be especially cautious for indicators of suspicious activity and to take extra care to ensure any credit applications are legitimately authorized. To place a fraud alert, which is free of charge, you can call any one of the three major credit bureaus, which will notify the other credit bureaus on your behalf.

Experian: l-888-397-3742
Equifax: l-800-525-6285
TransUnion: 1-800-680-7289

There does not seem to be any notice on Apex’s web site at this time. In time, we’ll find out if it is posted on HHS’s breach tool.

It’s interesting that they recommend contacting the IRS Identity Protection Specialized Unit. That’s not the typical recommendation I see in such notifications, and I wouldn’t be surprised if law enforcement had provided them with information suggesting that the data were accessed and acquired to use in a tax refund fraud scheme.

Update: a recipient of the letter informs PHIprivacy.net that it was dated September 4.

Category: Health DataID TheftU.S.

Post navigation

← Australian Government Hacked, Unacceptable Security Exposed
NZ: IRD says sorry for privacy breach →

1 thought on “Apex Laboratory notified by law enforcement of system compromise in July; notifying patients”

  1. Anonymous says:
    October 3, 2012 at 3:37 pm

    Where’s the free year (or more) of credit monitoring? My non-medical business had to pay a mandated minimum amount of online/internet/advertising/libel/digital security insurance as part of the professional liability/completed projects type of insurance that my type of business was exposed to. It was automatically included in the quote, and part of the policy after it was approved, signed and paid. There was options to buy more coverage, but the minimum coverage was mandatory 15 years ago. Medical sites? With private health info/HIPAA? That are exposed to the internet? And which usually allow physicians/hospitals to log in & download patient info and test results? No insurance for data losses? Their site is running a windows server. With all the viruses, trojans and other malware infecting business networks runnung windows by simply opening an email with the malware payload…no insurance?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.