DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Apex Laboratory notified by law enforcement of system compromise in July; notifying patients

Posted on September 27, 2012 by Dissent

A reader sent me a link to a breach notice that a relative had received from  Apex Laboratory on Long Island. I’m reproducing the contents below:

Apex Laboratory, Inc.
110 Central Ave – Farmingdale, NY 11735

RE: Important Security and Protection Notification.
Please Read This Entire Letter.
Dear Valued Clients of Apex Laboratory, Inc.,

We are writing to let you know that on July 30, 2012, Apex Laboratory, Inc. was informed by law enforcement investigators that an unauthorized individual(s) recently gained access to one of our computer systems and viewed certain personal information about a number of our patients.  At the request of law enforcement this notification was not immediately sent so as not to compromise their investigatory efforts. The system which was accessed contained names, addresses, phone numbers, dates of birth, gender, social security numbers, and insurance identification numbers. We do not believe that any information pertaining to any of our patients’ health conditions or treatments was viewed by anyone without proper authorization.

While we believe that only a small percentage of our patients’ records were accessed by the unauthorized individual(s), we are providing this notice to all of our patients whose social security numbers are maintained on the system that was accessed. Although we currently have no reason to believe that information from our system has been misused, we want to inform you of the incident and let you know what steps you can take to protect yourself from fraud and identity theft.

As a precaution, we recommend that you contact the IRS Identity Protection Specialized Unit at 1-800-908-4490 where they will secure your account against possible fraudulent income tax returns. We also recommend that you place a fraud alert on your consumer credit file. A fraud alert lets potential creditors who access your credit file know to be especially cautious for indicators of suspicious activity and to take extra care to ensure any credit applications are legitimately authorized. To place a fraud alert, which is free of charge, you can call any one of the three major credit bureaus, which will notify the other credit bureaus on your behalf.

Experian: l-888-397-3742
Equifax: l-800-525-6285
TransUnion: 1-800-680-7289

There does not seem to be any notice on Apex’s web site at this time. In time, we’ll find out if it is posted on HHS’s breach tool.

It’s interesting that they recommend contacting the IRS Identity Protection Specialized Unit. That’s not the typical recommendation I see in such notifications, and I wouldn’t be surprised if law enforcement had provided them with information suggesting that the data were accessed and acquired to use in a tax refund fraud scheme.

Update: a recipient of the letter informs PHIprivacy.net that it was dated September 4.

Category: Health DataID TheftU.S.

Post navigation

← Australian Government Hacked, Unacceptable Security Exposed
NZ: IRD says sorry for privacy breach →

1 thought on “Apex Laboratory notified by law enforcement of system compromise in July; notifying patients”

  1. Anonymous says:
    October 3, 2012 at 3:37 pm

    Where’s the free year (or more) of credit monitoring? My non-medical business had to pay a mandated minimum amount of online/internet/advertising/libel/digital security insurance as part of the professional liability/completed projects type of insurance that my type of business was exposed to. It was automatically included in the quote, and part of the policy after it was approved, signed and paid. There was options to buy more coverage, but the minimum coverage was mandatory 15 years ago. Medical sites? With private health info/HIPAA? That are exposed to the internet? And which usually allow physicians/hospitals to log in & download patient info and test results? No insurance for data losses? Their site is running a windows server. With all the viruses, trojans and other malware infecting business networks runnung windows by simply opening an email with the malware payload…no insurance?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.