Unsecured New York Medical Practice Server Exposes Over 42,000 Patient Records

Identity theft is a multi-billion dollar problem.  Although many companies have responded to this threat appropriately, some continue to risk theft of the sensitive personal and medical information entrusted to them by consumers and patients.  Unfortunately, it appears that Cohen, Bergman, Klepper, Romano MDs, a Huntington, New York-based medical practice, failed to protect the sensitive patient information of approximately 42,000 patients.

According to cybersecurity expert Chris Vickery, director of cyber risk research at the cybersecurity firm UpGuard which first discovered the breach on January 25, 2018, a digital data repository containing records from the Long Island medical practice was left publicly accessible, revealing medical details and personally identifiable information for over 42,000 patients.  The exposed data includes details such as patient names, Social Security numbers, dates of birth, addresses, phone numbers, insurance information, and over three million “medical notes.”

Furthermore, the exposed information was not secured until March 19, over a month after UpGuard’s initial analysis and notifying the medical practice on February 12.

Cybercriminal use personal information with the primary incentive of using that private data to commit identity theft and financial fraud.  Identity theft wreaks havoc on consumers’ finances, credit history, and reputation and can take time, money, and patience to resolve.  Identity thieves use stolen personal information for a variety of crimes, including credit card fraud, phone or utilities fraud, banking or finance fraud, government fraud, and medical identity theft.  Moreover, a person whose personal information has been compromised may not see the full extent of identity theft or fraud for years.

Disclosure of personal information and medical information is unlawful, and the attorneys at Finkelstein, Blankinship, Frei-Pearson & Garber, LLP have successfully brought lawsuits on behalf of victims of such disclosures.  If you visited Cohen, Bergman, Klepper, Romano MDs, then your information may have been stolen.  Please contact FBFG to explore your rights.