The Catholic Charities of the Diocese of Albany (CCDA) was performing an upgrade of its computer security software during August when it found malware on its systems. The software was discovered to have been placed on one of the computer servers located at its Glens Falls office, which provided treatment to based patients in Saratoga, Warren and Washington Counties in New York.
They acted quickly was taken to block access to the server and CCDA called in a computer security company to complete a review into the breach. The investigation, which ran over several weeks, uncovered that access to the server potentially went back as far as 2015.
While access to the server was possible and malware software had been installed, the review did not find details to suggest the protected health information of individuals had been viewed or taken illegally.
An detailed look at the server found that the stored files contained the protected health information of 4,624 patients. This data, which was potentially accessed by the unauthorized people, included names, addresses, birth dates, diagnosis codes, dates of service, and for some people, their health insurance ID details which may have included information regarding Social Security numbers. Financial records and details of care and therapy were stored on other parts of the network and were not accessible at any point in time.
Law enforcement agencies have been made aware of the incident including the Department of Health and Human Services’ Office for Civil Rights, the Division of Consumer Protection, and the state Attorney General. Patients have been advised of the breach and have been given credit monitoring and identity theft protection services for 12 months without charge.
Even in situations when appropriate security solutions are established to safeguard the protected health information of patients, breaches can still be experienced. Sister Charla Commins, CSJ, Executive Director of Catholic Charities of Saratoga, Warren and Washington Counties, commented, “We have modern digital security measures in place, but every day it seems criminals’ intent on invading computer systems find new ways to do so.” Sister Commins also remarked, “We take very seriously our responsibility for protecting private information, and we sincerely apologize for any inconvenience this may cause our clients and staff.”
CCDA has enhanced the security of its servers in order to prevent future malware attacks and intrusions.