Recently, Allied Urological Services, LLC confirmed that the company suffered a data breach after an unauthorized party gained access to sensitive patient data contained on its network. According to Allied Urological, the breach resulted in the compromise of names, addresses and financial account information. Current estimates place the total number of people affected by the Allied Urological breach at 52,981. On July 12, 2022, Allied Urological filed a formal breach notice and sent data breach letters to all affected parties.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what legal options are available to you following the Allied Urological Services data breach, please see our recent article on the subject here.
Additional Allied Urological Services Data Breach Details
According to an official notice filed by the company, on January 3, 2022, Allied Urological detected suspicious activity in an employee’s email account. This particular email account was used to schedule patient appointments. In response, the company changed the account password and launched an investigation into the incident in hopes of determining the nature and extent of any potential breach.
The company’s investigation revealed that an unauthorized party gained access to Allied Urological’s computer systems around September 26, 2021. This access lasted until January 3, 2022, when the company changed the email account password. Allied Urological has also determined that the contents of the employee’s email account may have been synchronized with the unauthorized party’s system, giving them access to sensitive patient information contained in the account.
After discovering that sensitive consumer data was accessible to an unauthorized party, Allied Urological Services reviewed all emails and attachments to determine what information was compromised and to whom it belonged. Although the compromised information varies by individual, it can include your name, address, and financial account information, such as bank account numbers or credit and debit card numbers.
On July 12, 2022, Allied Urological Services sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
More information about Allied Urological Services, LLC
Allied Urological Services, LLC is a healthcare company that does business as Allied Metro Medical and provides mobile lithotripsy and prostate care services. Allied Urological is based in New York, New York, and provides services to more than 30 hospitals in the New York tri-state area. The company is affiliated with Metropolitan Lithotriptor Associates, PC and Metropolitan Urological Specialist, PC. Through its subsidiaries, Allied Urological Services provides care to more than 6,000 patients. Allied Urological Services employs over 80 people and generates approximately $14 million in annual revenue.
How did a hacker gain access to Allied Urological’s computer system?
Following a data breach, the questions are many and the answers few. One of the questions that often comes up after any data breach involving an employee’s email account is how the hacker gained access to it. Although Allied Urological provides a fair amount of detail regarding the recent data security incident, the company does not explain what allowed the unauthorized party to gain access to the email account containing sensitive patient data that were eventually disclosed.
Typically, there are a few different things that could have led to a breach like this. Below are some of the most common causes of email data breaches.
An employee does not follow the correct procedures outlined by the company
Many email data breaches are the result of an employee not following company rules regarding the storage of email login credentials. Most companies these days have strict procedures in place dictating how and where employees can store their login credentials. However, employees who are careless with their credentials can have them stolen by hackers, who can then use them to gain access to the employee’s email account, as well as any sensitive data in the account.
An employee responds to an email phishing attack
Email phishing is an increasingly common way for hackers to obtain an employee’s email credentials. Phishing attacks use the principles of social engineering to trick an employee into providing their login credentials directly to the hacker. In some cases, phishing emails prompt the recipient to download malware, disguised behind a legitimate-looking link, that gives the hacker access to the victim’s computer.
Organizations understand the risks of email phishing and should take steps to prevent these attacks. Many companies these days require their employees to complete email phishing training, educating them on the different ways to spot a fraudulent email. Additionally, companies that use state-of-the-art data security systems can completely prevent these emails or at least have mechanisms in place to quickly detect a breach.