Cyberattack targets Northwell Health vendor; patient data compromised

Some Long Islanders received a letter that their names, birthdays, addresses and diagnosis information may have been impacted due to a data breach by a third-party vendor.

Kevin Vesey

Nov 10, 2023, 12:52 AM

Updated 378 days ago

Share:

A Nevada-based vendor for Northwell Health says its systems were infiltrated by cyber criminals, who stole Northwell patient data.
According to a letter from Perry Johnson & Associates, Northwell patient data was accessed between April 7 and April 19 of this year.
Northwell was notified of the breach on July 21, and the scope of the attack was confirmed Sept. 28.
Hackers accessed patients’ names, addresses and birthdays, as well as their medical records.
Lance Ulanoff, U.S. editor-in-chief for Tech Radar, says cyber criminals could use the data to pose as Northwell in an attempt to collect more sensitive information, including Social Security numbers.
The number of affected patients is unclear. A draft statement from Northwell initially said 3,891,565 people were impacted. But the health care provider later recalled that statement and said they could not confirm any specific numbers.
A Northwell spokesperson says none of their systems were impacted by the cyberattack.