The Brooklyn Hospital Center was affected by a ransomware attack that has infected several of its computer systems resulting in permanently loss of some of the patient data. Though the news of the attack was disclosed this week, the incident took place in late July.
The Brooklyn Hospital Center, New York is providing notice of the data security incident that may affect the security of personal information in their care. There is no evidence of exfiltration of patient information in the incident. However, the hospital is unable to find certain data related to specific patients. So, they are notifying patients regarding the data incident and about the measures they have taken since the occurrence of this event.
The hospital became aware of the incident In July 2019 when they discovered some unusual activity relating to certain Hospital servers. The Hospital immediately started an investigation by engaging with a leading third-party forensic investigation firm, to determine the full nature and scope of the incident.
They found that a malware that encrypted certain systems had disrupted the operation of certain Hospital systems. But no evidence about the data being accessed by any unauthorized person was found.
On September 4, 2019, it was found through investigation that despite many efforts to recover the data, certain patient data was unrecoverable. The information that are not recoverable include patient name and certain cardiac or dental images. The recovery efforts are ongoing, and the Hospital is reviewing the patient data that may be potentially impacted by this event. They are also taking steps to notify those individuals whose records are missing.
As soon as the hospital became aware of the issue, they have acted quickly to restore its systems and ensure the security of its network. Furthermore, the Hospital is reviewing its policies and procedures relating to data security and taking steps to enhance existing security protocols.
The notice sent to the affected patient contains information on what they can do to better protect their information, if they find it appropriate to do so. The Hospital sincerely regrets any inconvenience or concern this incident may have caused.