HACKENSACK, N.J. (Reuters) – The U.S. Health and Human Services (HHS) is investigating the hack that led to the loss of personal data belonging to more than 30,000 health care providers in New Jersey, New York and Connecticut, the Centers for Disease Control and Prevention (CDC) said on Tuesday.
The agency said in a statement it is cooperating with state and federal authorities.
A total of 4,879 health care organizations, including hospitals, managed care systems, doctors’ offices, clinics and private practice providers, were affected by the hack, according to the CDC.
The hack took place over a period of time between February and June, the CDC said.
HHS said it was “aware of a breach” at the health organizations and was cooperating with investigators.
It said it is “working with the state, federal, local, and private sectors” to provide enhanced security for patients and providers.
The New Jersey Health Department has not disclosed any employees were targeted.
Health care industry groups said it will not be appropriate for the state to release any information regarding the attack, which they said was unrelated to the breach.
The breach occurred as many as 30,800 individual health care records were lost and were released to the public.
More: Health care providers are encouraged to make sure they have backups of their personal information, and to follow up on the data loss with the relevant government agency, said Scott Cawthon, a senior vice president with the American Health Care Association, which represents health care professionals and health care systems.
“We have no idea who was responsible for this, and what information was stolen,” he said.
Cawphon added that the hack did not affect the integrity of patients’ data, nor their privacy, and that it did not compromise the quality of care provided.
The CDC did not say what was stolen or how it was obtained.
It noted that it has “no indication that this data was stolen directly from individual health plans or other providers or was otherwise acquired.”