[Skip to Content]

Patient Breach

In April 2023, we were notified of a concern with an employee's access to patient medical records. After a careful and detailed investigation, we have concluded an employee of SUNY Upstate Medical University accessed the records of numerous Upstate patients without a work or job-related reason. This incident occurred between the dates of November 26, 2022, and April 16, 2023. To the best of our knowledge, we have no reason to believe any patient's information was printed, redirected, redisclosed, used or misused by this employee.

The information encompassed the following:

  • Demographic information including name, age, address, insurer, and hospital medical record number
  • The date(s) patients received care at University Hospital and the services received
  • Diagnosis and other care and treatment information such as problem lists, medication lists, radiology reports, and visit notes

Please be assured that social security numbers, insurance identification numbers, credit card information or other identifying information which can frequently be used for purposes of identity theft were NOT compromised. SUNY Upstate has taken the appropriate steps to notify all patients affected, and the United States Secretary of the Department of Health and Human Services. We have also taken action with the employee that reflects the seriousness with which we view this incident, and the employee is no longer employed by SUNY Upstate Medical University.

It is important that patients affected by this incident exercise caution and be alert to suspicious activities that could result. For example, patients could be contacted by someone who has this information and fraudulently misrepresents his or her purpose in an effort to get you to divulge additional information that could be used for purposes of identity theft.

This incident occurred despite the stringent safeguards we have established to protect the security and privacy of our patient's information. We have used this incident as an opportunity to reinforce education with our employees regarding our privacy practices and policies pertaining to patient privacy and security practices to lessen the occurrence of a future incident of this nature.

If you have questions regarding this incident, please do not hesitate to contact us at 1-888-480-8684.