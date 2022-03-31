About 1,300 hospital and primary care patients of Catholic Health System may have had some of their information exposed as part of a data breach at a health information management vendor.
Those affected will be receiving a letter from the vendor, Ciox Health, in the coming days, Catholic Health said. Ciox said its investigation did not find any instances of fraud or identity theft as a result of the incident, which affected more than 100 health care providers.
It stems from an unauthorized person accessing a Ciox employee's email account between June 24 and July 2 of last year. During its review, Ciox learned that some emails and attachments in the employee's email account contained limited patient information related to billing inquiries or customer service requests.
After completing its review in early November, Ciox between Nov. 23 and Dec. 30 began notifying providers whose patient information was involved in the incident. Ciox's website lists 127 health care providers that were notified, including Catholic Health, Erie County Medical Center and Niagara Falls Memorial Medical Center.
It was not known how many patients were affected at ECMC and Niagara Falls Memorial, and the two hospitals didn't immediately respond to requests seeking comment.
Catholic Health said the information that may have been accessed included patient names, provider names, dates of birth, dates of service, health insurance information and medical record numbers. The Ciox employee whose email account was involved did not have direct access to any patient's electronic medical record system, Catholic Health said.
"Out of an abundance of caution, Ciox is working with its customers to notify affected patients," Catholic Health said in a statement. "Ciox recommends individuals affected review billing statements from their health care providers and health insurers and contact them immediately if they see charges for services they did not receive."
Ciox has set up a call center for questions about this incident at 855-618-3107, which is operated from 9 a.m. to 6:30 p.m. Monday through Friday. Additional information is also available at cioxhealth.com/notice-of-email-security-incident.
Kaleida Health, too, was recently notified of a data incident at one of its vendors.
An alert at the top of Kaleida's website says the health system was notified on or about Dec. 9 that vendor, Advent Health Partners, had a breach "that may affect the privacy of certain data Advent received from Kaleida in connection with assisting Kaleida with insurance claims management services."
Advent advised Kaleida that it would be notifying the individuals whose information was affected by the incident.
Jon Harris can be reached at 716-849-3482 or jharris@buffnews.com. Follow him on Twitter at @ByJonHarris.