Albany College Of Pharmacy And Health Sciences Data Breach Exposes SSNs

On September 14, 2024, Albany College of Pharmacy and Health Sciences (ACPHS) detected unusual activity on its network, leading to the discovery of a data breach. The incident, which is believed to have occurred between August 31, 2024 and September 14, 2024, involved unauthorized access to certain systems by a threat actor known as MEDUSA, a ransomware group.

According to dark web monitoring, MEDUSA claimed responsibility for the attack and threatened to publish the stolen data within days.

The data accessed includes a wide range of personally identifiable information (PII) such as first and last names, dates of birth, birth certificates, account numbers, routing numbers, security codes, marriage certificates, mother’s maiden names, digital signatures, passport numbers, government identification numbers, Social Security numbers, taxpayer ID numbers, driver’s license numbers, payment card numbers, payment card expiration dates, alien registration numbers, usernames and passwords, and student information.

In addition, protected health information (PHI) was also compromised, including health insurance details, medical record numbers, mental or physical condition information, diagnosis and treatment records, procedure types, provider names, prescription information, and biometric data.

The attack method, ransomware, is particularly concerning because it often involves both data theft and the threat of public exposure or sale of sensitive information. While the total number of affected individuals has not yet been confirmed, ACPHS is conducting a thorough review to identify everyone whose data may have been impacted.

Albany College Of Pharmacy And Health Sciences's response

To support the community, ACPHS has set up a dedicated toll-free call center at 888-562-7067, available Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time (excluding holidays), to answer questions and provide guidance. The college encourages all potentially affected individuals to remain vigilant by monitoring their account statements, explanation of benefits forms, and credit reports for any suspicious activity.

Free credit reports can be obtained annually from each of the three major credit bureaus at AnnualCreditReport.com. Additionally, individuals can place fraud alerts or security freezes on their credit files to help prevent identity theft.

Given the nature of the breach and the involvement of ransomware, it is especially important for affected individuals to take the following steps:

• Review financial and medical statements for unauthorized activity.
• Consider placing a fraud alert or security freeze with the major credit bureaus.
• Be cautious about sharing personal and health information.
• Contact the call center if you suspect your information has been misused or if you have questions about the incident.

For more detailed information, affected individuals can review the official Notice of Data Security Incident posted by ACPHS.