Recently, Allied Urological Services, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive patient data contained on its network. According to the Allied Urological, the breach resulted in the names, addresses, and financial account information being compromised. Current estimates place the total number of people affected by the Allied Urological breach at 52,981. On July 12, 0222, Allied Urological filed official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Allied Urological Services data breach, please see our recent piece on the topic here.
Additional Details About the Allied Urological Services Data Breach
According to an official notice filed by the company, on January 3, 2022, Allied Urological detected suspicious activity in an employee’s email account. This particular email account was used to schedule patient appointments. In response, the company changed the account password and launched an investigation into the incident in hopes of determining the nature and scope of any potential breach.
The company’s investigation revealed that an unauthorized party had gained access to Allied Urological’s computer systems on around September 26, 2021. This access lasted until January 3, 2022, when the company changed the email account password. Allied Urological also determined that the contents of the employee’s email account may have been synced to the unauthorized party’s system, giving them access to the sensitive patient information contained within the account.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Allied Urological Services reviewed all emails and attachments to determine what information was compromised and who it belonged to. While the breached information varies depending on the individual, it may include your name, address, and financial account information, such as bank account numbers or credit and debit card numbers.
On July 12, 2022, Allied Urological Services sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Allied Urological Services, LLC
Allied Urological Services, LLC is a healthcare company that does business under the name Allied Metro Medical and provides mobile lithotripsy and prostate care services. Allied Urological is based in New York, New York, and provides services to over 30 hospitals in the New York tri-state area. The company is affiliated with Metropolitan Lithotriptor Associates, PC and Metropolitan Urological Specialist, PC. Through its affiliates, Allied Urological Services provides care to more than 6,000 patients. Allied Urological Services employs more than 80 people and generates approximately $14 million in annual revenue.
How Did a Hacker Gain Access to Allied Urological’s Computer System?
In the wake of a data breach, questions are many and answers are few. One of the questions that often comes up after any data breach involving an employee’s email account is how the hacker was able to gain access. While Allied Urological provides a fair amount of detail regarding the recent data security incident, the company does not explain what allowed the unauthorized party access to the email account containing sensitive patient data that was ultimately leaked.
As a general rule, there are a few different things that could have led to a breach such as this one. Below are a few of the most common causes of email-based data breaches.
An employee fails to follow the correct procedures outlined by the company
Many email-based data breaches are the result of an employee not following the company’s rules regarding the storage of email login credentials. Most companies these days have strict procedures in place dictating how and where employees can store their login credentials. However, employees who are careless with their credentials may have them stolen by hackers, who can then use them to access the employee’s email account—as well as any sensitive data contained within the account.
An employee responds to an email phishing attack
Email phishing is an increasingly common way for hackers to obtain an employee’s email credentials. Phishing attacks rely on principles of social engineering to get an employee to provide their login information to the hacker directly. In some cases, phishing emails ask the recipient to download malicious software disguised as a legitimate-looking link that allows the hacker to access the victim’s computer.
Organizations understand the risks of email phishing and should take the necessary steps to prevent these attacks. These days, many companies require employees to attend email phishing training, educating them on the various ways to detect a fraudulent email. Additionally, companies that employ state-of-the-art data security systems can prevent these emails altogether or at least have mechanisms in place to quickly detect a breach.
