ROCHESTER, N.Y. — Rochester Regional Health patients received letters about a data breach, but the letters themselves looked like scams. The letters were sent by a third-party vendor and incorrectly identified the hospital system as “Rochester Regional Medical Center,” which doesn’t exist. Hospital officials confirmed to News10NBC the letters are legitimate despite the error.
According to the letter sent to patients, there was unauthorized activity in a system Rochester Regional uses after a phishing attack in January. The breach may have exposed personal and protected health information. Many people who received the letter thought it was a scam and threw it out.
On Facebook, several people replied to News10NBC’s post saying they all got the letter and were suspicious.
Sandie Yocum said her wife received the letter and was cautious from the start. “My wife gets so worried about being a victim of identity theft and stuff, so she had me immediately investigate it, because the envelope was even off,” Yocum said. “We were like, this isn’t a Rochester Regional envelope, and I’ve never heard of Rochester Medical Center.”
This isn’t the first time Rochester Regional Health has had a data breach. News10NBC found two previous incidents — one in 2020 and another in 2023.
In December, Rochester Regional Health received $15 million in state funding to upgrade its cybersecurity infrastructure in an effort to protect hospitals from cyber threats.
Jonathan Weissman, a cybersecurity professor at Rochester Institute of Technology, explained what criminals can do with stolen healthcare information.
“Criminals can get medical services and even prescriptions using the stolen information,” Weissman said. “This illustrates the importance of verifying unexpected communications through official channels,” Weissman said.
Healthcare systems can contain large amounts of personal and medical information. These pieces of information can be used for scams, fraud and identity theft.
Weissman said children’s information is especially sensitive because misuse may not be detected for years. The letter offers free 12-month identity monitoring to help protect children’s identities.
According to Xsolis, the unauthorized activity has been contained and there is no evidence the data has been misused. Impacted patients should follow the instructions in the notification to receive no-cost identity monitoring.
Weissman said patients who received the letter should carefully read the notification, enroll in the free monitoring services and monitor their accounts for any unusual activity.
“Be on the lookout for emails, texts or phone calls claiming to be from the healthcare provider, insurer or the monitoring service,” Weissman said. “Incidents like this can be followed up by targeted phishing attempts and impersonation scam attempts.”
Weissman also recommended freezing credit as one of the most effective ways to prevent new account fraud.
“At this point, there is no indication that there has been fraudulent use of the exposed data, but still take the recommended steps,” Weissman said.
Rochester Regional Health said protecting patient information is a responsibility it takes seriously.
The hospital system said it expects partners to meet strict security and privacy standards and remains committed to safeguarding information entrusted to it.
Rochester Regional Health’s full statement is below.
Media Statement
We are aware of a data security incident involving Xsolis, Inc., a third-party vendor that previously provided services to Rochester Regional Health.
Rochester Regional Health’s relationship with Xsolis ended in 2021, well before this incident occurred. While we no longer work with this vendor, we have been notified that information related to some current or former patients may have been involved. This impacts approximately 18,600 patients associated with our system, representing a small portion of the more than 500,000 patients we serve each year.
Rochester Regional Health was incorrectly identified as “Rochester Regional Medical Center” in the notification. We have raised this issue with the vendor and requested that it be corrected.
According to Xsolis, the incident was the result of unauthorized access within its environment earlier this year. The vendor has indicated that the activity has been contained and that there is no evidence of misuse of the data at this time. Impacted patients should follow the instructions contained in the notification to receive no-cost identity monitoring.
Protecting patient information is a responsibility we take seriously. We expect our partners to meet strict security and privacy standards, and we continue to reinforce those expectations across all relationships. We remain committed to safeguarding the information entrusted to us and to maintaining the trust of our patients and community.
Rochester Regional Health data breach: Letters sent to 18,600 patients after third-party vendor Xsolis hack WHEC.com.