SARANAC LAKE — The personal information of more than 800 patients of Adirondack Health may have been exposed in a contract company’s data breach three-and-a-half months ago, the health care network announced Thursday.
The patient information that was exposed included certain patients’ first names, last names, dates of birth, prescription information and medical record numbers, according to a news release from Adirondack Health, which operates Saranac Lake’s Adirondack Medical Center, the Lake Placid Health and Medical Fitness Center and the Mercy Living Center in Tupper Lake.
The information was exposed when CaptureRx, a third-party vendor that administers the federal 340B prescription drug program at Adirondack Health and several other hospitals across the country, experienced a data breach on Feb. 6.
The breach was a ransomware attack, according to Becker’s Hospital Review, a health care trade publication. Ransomeware attacks by hackers have become increasingly common in recent months.
CaptureRx is expected to notify every patient whose information may have been exposed via mail. So far, the company isn’t aware of any “actual or attempted misuse of patient information as a result” of the data breach, according to Adirondack Health.