Phishing Incident: What You Need to Know
New York Oncology Hematology (NYOH) is committed to protecting the security and confidentiality of our patients’ and employees’ information. Regrettably, this notice concerns an email phishing incident that may have involved some of that information.
NYOH has determined an unauthorized user may have gained access to several employee email accounts through a series of targeted phishing emails. While NYOH and its partners are not aware of any actual access to or attempted misuse of patient or employee information related to this incident, we continue to take steps to protect our patients and employees’ information.
The phishing emails sent were sophisticated in that they appeared as a legitimate email login page, which convinced the NYOH personnel to enter their user names and passwords. These credentials were then harvested and used by the attackers to gain access to the email accounts, which were typically only accessible for a short period of hours before access was terminated.
NYOH hired an outside forensic firm to conduct a review of the content of the accounts following the phishing attack, which occurred between April 20 and April 27. Following a thorough analysis, on October 1, they determined that one or more of the affected email accounts contained protected health information and other personal information of patients or employees. Patients and employees who joined NYOH after April 27, 2018, are not involved.
While we are not aware of any access to or attempted misuse of patient or employee information related to this incident, out of an abundance of caution, NYOH mailed letters to all NYOH patients and employees on November 16, 2018. This letter includes directions for enrolling in 12 months (or longer as required by law) of free identity theft and credit monitoring services through Experian.
If you received a notification letter and have questions, or if you did not receive a letter and wish to determine if you may be involved, please call our toll-free help line at 1-877-753-3334, Monday through Friday, 9am ET to 9pm ET; Saturday and Sunday, 11am ET to 8pm ET.
We deeply regret any inconvenience or concern this incident may cause our patients and employees. We are taking precautionary steps to ensure patient safety, privacy, and peace of mind. To help prevent something like this from happening again, NYOH will continue to look for ways to enhance our systems, training and controls against these threats.