New York Oncology Hematology

New York Oncology Hematology operates within the healthcare sector in the United States. While specific details regarding its core medical services, patient demographics, or operational scale are not explicitly detailed in the available source material, the organisation handles sensitive personal and health information as part of its functions. This responsibility necessitates robust data security protocols to protect patient and employee confidentiality. The nature of the information involved underscores its role in delivering specialised medical care requiring stringent privacy safeguards.

The organisation experienced a significant cybersecurity incident on April 20, 2018. Attackers executed a phishing campaign that successfully compromised 14 employee email accounts by deploying deceptive login pages designed to harvest legitimate user credentials. This breach granted unauthorised individuals temporary access to these accounts. Following a forensic investigation, New York Oncology Hematology determined there was no evidence suggesting the attackers actually accessed or misused any data contained within the compromised accounts. However, acknowledging the potential risk due to the presence of protected health information and personal details in some affected accounts, the organisation proactively notified over 128,400 patients and employees as a precautionary measure. Individuals who joined the organisation after the attack period were excluded from these notifications. Immediate remedial actions included comprehensive password resets and the implementation of enhanced account security measures across its systems. This incident highlights the persistent threat phishing attacks pose to healthcare entities managing sensitive data.