The HHS is investigating a network server breach that affected 24,891 patients at Syracuse-based Specialty Surgery Center of Central New York.
The ASC discovered unauthorized access to its network March 31, terminated the access and launched an investigation that concluded around April 30, according to a letter from the ASC posted Oct. 14 by the Office of the Vermont Attorney General.
The ASC launched a second investigation to determine which patients had been affected and received a list from a cybersecurity firm around Aug. 16. The Specialty Surgery Center of Central New York immediately notified the affected patients and state and federal regulators after receiving the list, the letter from the ASC said.
In the letter, the ASC said it has no reason to believe that the compromised information has been misused, but it was notifying patients "out of an abundance of caution."
Since the breach, the ASC said it has implemented antivirus software, locked down external websites and implemented a warning banner for external email, among other security controls.