LAGRANGEVILLE – Health Quest Systems, Inc. is tightening its cybersecurity following an 11-month investigation into the unauthorized access to internal emails and attachments in employee email accounts that may have contained patient information.
The company issued a statement through a Philadelphia law firm Friday evening saying that the unauthorized email access was the result of a phishing incident with Health Quest affiliates Health Quest Medical Practice, Health Quest Urgent Care and Hudson Valley Newborn Physician Services.
Health Quest first learned of the incident in July 2018 when several employees were deceived by a phishing scheme and were tricked into inadvertently disclosing their email account credentials to an unauthorized party.
On April 2, 2019, the investigation found that certain email attachments contained patient information, which may have included names, provider names, dates of treatment, treatment and diagnosis information, and health insurance claims information, related to services some patients received at Health Quest Medical Practice between January 2018 and June 2018 were breached.
The company said it has no evidence that any information has been misused or was viewed or accessed, but it began notifying the potentially affected persons on May 31, 2019 and has established a dedicated call center to answer questions.
“To help prevent a similar incident from occurring in the future, HQMP is implementing multi-factor authentication for email and additional procedures to further expand and strengthen its security processes,” the company said. “HQMP is also providing additional training to its employees regarding phishing emails and other cybersecurity issues.”\
Patients who believe they may be affected by this incident but did not receive a letter by June 10 are asked to call 800-277-0105, Monday through Friday, 9 a.m. to 6:30 p.m. EST.