East River Medical Imaging (ERMI) experienced a data breach, revealing sensitive information of over 605,000 patients. The breach, discovered on September 20, 2023, led ERMI to secure its systems, alert law enforcement, and engage a third-party cybersecurity firm for an extensive investigation. Unauthorized access to the network occurred between August 31 and September 20, exposing various files containing confidential patient data, including names, Social Security numbers, contact details, insurance information, and medical records.
ERMI acted promptly upon confirming the breach, reviewing compromised files to assess the extent of leaked information and identify affected individuals. Patients and employees had varying data exposed, such as financial account information and driver’s license numbers for staff. ERMI initiated the notification process on November 22, 2023, sending letters to those impacted by the breach, providing a detailed list of compromised information.
Established in 1970, ERMI is a New York-based diagnostic imaging and radiology practice offering services like CT scans, MRI scans, and bone densitometry. Employing over 122 individuals and generating approximately $18 million in annual revenue, ERMI plays a crucial role in the healthcare sector. The breach underscores the ongoing challenges healthcare organizations face in safeguarding sensitive patient data, emphasizing the need for robust cybersecurity measures and prompt incident response to protect individuals’ privacy and prevent identity theft or fraud.