A malware attack on St. Peter’s Surgery and Endoscopy Center in New York potentially gave hackers access to 134,512 patient records, which makes it the second-largest breach this year.

It’s also the largest breach to hit New York state since the breach of more than 3.4 million records of Newkirk Products in 2016.

Hackers gained access to St. Peter’s server on Jan. 8, and the breach was discovered by officials on the same day. Quickly detecting the malware limited the time hackers had access to the server, but the investigation couldn’t rule out whether patient data was viewed, accessed or stolen.

[Also: The biggest healthcare data breaches of 2018 (so far)]

Officials said the hack of its Surgery and Endoscopy Center did not affect St. Peter’s Hospital or Albany Gastroenterology Consultants. Only patients of the Surgery and Endoscopy Center were potentially part of the breach. Notification letters were sent to those patients on Feb. 28.

The breached server contained patient names, addresses, dates of birth, service dates, diagnoses, procedures and insurance information. Social Security numbers were included for some Medicare patients, and Medicare data was exposed for some patients. No credit card or banking information was exposed.

Those patients with breached Medicare information have been offered one year of free credit monitoring.

Officials did not explain how hackers were able to install malware onto the impacted server. But St. Peter’s is “implementing even more stringent information security standards and increasing staff training.”

Further, officials are considering “additional and more elaborate anti-fraud and virus protection software.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com