Some patients of North Country Healthcare (“NCH”) have been notified that their health information may have been improperly accessed as a result of ransomware attack on a vendor used by NCH facilities.
The vendor – CaptureRx – is a third party administrator that provides services for NCH facilities. As permitted by law, NCH provides health information about its patients to CaptureRx to allow CaptureRx to provide these services.
Hackers accessed CaptureRx’s computer systems on February 6, 2021. CaptureRx detected the suspicious activity and confirmed on February 19, 2021, that improper access had occurred. CaptureRx then conducted a detailed investigation to determine which files had been accessed. It completed this review on March 19, 2021.
CaptureRx notified NCH facilities of the improper access in early April, 2021. CaptureRx stated that the following information had been accessed: patients’ first and last names, date of birth, prescription information, and medical record number for some patients. CaptureRx assured NCH facilities that the computer vulnerability that permitted the improper access has been identified and corrected.
CaptureRx noted that, as of the date of the notification, its investigation had found no evidence of actual or attempted misuse of the information as a result of the breach. Nonetheless, NCH patients are encouraged to review their account statements and explanation of benefit forms and to obtain free credit reports to confirm no suspicious activity has occurred. The notice to NCH patients affected by the breach provided detailed guidance on preventing identity theft.
NCH patients were notified of this matter. Also, NCH has filed a report with the federal Department of Health and Human Services as required by federal law.
If NCH patients would like further information about this matter, they are encouraged to contact the NCH Privacy Officer at 603-326-5608.