The server of third-party that basically hosts the EHRs (electronic health records) of New Jersey Diamond Institute for Fertility and Menopause was hacked by an unauthorized individual, exposing protected health data of 14,633 sufferers.
The EHR system and database was encrypted, which stopped the hackers from gaining access, officials claimed. Although, several supporting documents stored on the hacked server were left unencrypted and could have been approached.
The information involved addresses, names, birth dates, Social Security numbers, lab tests and sonograms. For the 14,633 patients, the data contained protected health data.
Diamond Institute is unsure when the database was previously accessed, but the agency learned of the breach on the day of February 27.
After a previous inquiry, the agency did a complete password reset and upgraded its firewall in an attempt to stop future attacks. Virtual network credentials were also changed and all unused open ports are now closed, in accordance to official said.
Sufferers are being offered a complete year of free credit monitoring and notifications were sent beginning April 28.