University Urology in New York City detected unauthorized access to patient data on February 1, 2023, and promptly initiated an investigation into the incident. The investigation revealed that a threat actor gained access to protected health information stored in their system, potentially compromising sensitive data of 56,816 patients. The accessed information varied, including names, addresses, medical conditions, test results, prescription details, insurance information, and billing data.
In response to the breach, University Urology took several measures to enhance security and mitigate risks. They offered affected individuals 24 months of complimentary credit monitoring and identity theft restoration services. Additionally, they deployed SentinelOne agents for 30 days to monitor the environment for any signs of compromise and malicious activity. Furthermore, they reset all passwords, removed unauthorized access tools, limited remote access, deleted persistence mechanisms, and banned identified malicious files.
Despite the breach, University Urology stated that there is no evidence of misuse or attempted misuse of the compromised data. However, they reported the incident to the HHS, as required, acknowledging the impact on 56,816 patients. This breach underscores the ongoing challenges faced by healthcare organizations in safeguarding sensitive patient information and highlights the importance of robust cybersecurity measures to prevent unauthorized access and protect patient privacy.
