NRAD Medical Associates, a radiology practice based in Garden City, N.Y., has notified 97,000 patients saying an employee had unauthorized access to their personal information, according to a Newsday report.
According to the organization’s letter to patients, on or about April 24, it was discovered that an employee of the practice accessed and acquired protected health information (PHI) from NRAD’s billing system without authorization. The information included patient names and addresses, dates of birth, social security numbers, health insurance, diagnosis codes, and procedure codes.
NRAD officials say they have no indication that the information has been disclosed or used by any third parties, and have no evidence that any financial information was accessed. The practice says there is very low risk from this event and the data breach has been contained. The organization also said the employee is no longer working at the practice.