The third-party server that hosts the electronic health records of New Jersey Diamond Institute for Fertility and Menopause was hacked by an unauthorized individual, exposing protected health information of 14,633 patients.

The database and EHR system was encrypted, which prevented the hackers from gaining access, officials said. However, many supporting documents stored on the hacked server were left unencrypted and could have been accessed.

The data included names, addresses, birth dates, Social Security numbers, lab tests and sonograms. For the 14,633 patients, the data contained protected health data.

Diamond Institute is uncertain when the database was initially accessed, but the organization learned of the breach on February 27.

After an initial investigation, the organization did a full password reset and updated its firewall in an attempt to prevent future attacks. Officials said virtual network credentials were also changed and all unused open ports are now closed.

Patients are being offered a full year of free credit monitoring and notifications were sent beginning April 28.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn