DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NY: Bellevue Hospital notifying 3,300 patients of breach

Posted on May 20, 2015 by Dissent

Jacobi Medical Center wasn’t the only hospital run by the Health & Hospitals Corporation that reported a breach on April 28.  Bellevue Hospital Center also reported one:

The incident in question occurred on January 15, 2015 and was discovered on February 27, 2015 when, in the course of HHC’s monitoring of outgoing emails, we identified an email attachment that a Bellevue employee improperly sent to her relative’s e-mail account at the relative’s place of employment.

Here’s their notice:

The New York City Health and Hospitals Corporation (HHC), which operates Bellevue Hospital Center began this week to notify about 3,300 Bellevue patients about the possible disclosure of some of their protected health information (PHI) when a Bellevue employee improperly sent a spreadsheet containing PHI to an unauthorized recipient.

The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization. A sample notification to the affected patients is attached. Notifications will also be posted on the HHC website and will be distributed to numerous New York area news outlets. The information in the spreadsheet included the names, medical record numbers, e-mail addresses, insurance carrier information, and limited sensitive health information of the affected patients.

Based on HHC’s investigation into the unauthorized disclosure, the spreadsheet has been deleted from all known unauthorized sources to which it was sent and there is no basis to believe that it was forwarded to any other site before deletion. There is no evidence to suggest that the spreadsheet was received or viewed by anyone other than the single unauthorized recipient, and there is no evidence to suggest that the PHI contained in the spreadsheet was misused or further disclosed in any manner.

Nonetheless, in an abundance of caution, HHC has taken decisive steps to protect the individuals who are potentially affected by offering, through a third-party vendor, free credit monitoring services for one year to those patients whose medical records may have been improperly disclosed. Affected patients who have questions about this incident, including how to sign up for free credit monitoring services, may contact Bellevue Privacy Officer Christopher Roberson at (212) 562-4316.

HHC has taken immediate measures to prevent the recurrence of an incident of this nature by automatically blocking of email communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network unless for a legitimate business purpose.

Category: ExposureHealth DataInsiderU.S.

Post navigation

← Cn: Hacker jailed for linking school website to pornography pages
CareFirst BlueCross BlueShield discloses that hack in June 2014 affected 1.1 million members →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.