Medical records of 2k patients left unprotected on contractor's server

Share this article:
Medical records of 2k patients left unprotected on contractor's server
Medical records of 2k patients left unprotected on contractor's server

Thousands of patients of a New York state hospital had their medical records exposed when they were left unprotected on a third-party server for several months. 

How many victims? More than 2,300.  

What type of personal information? Medical records, including handwritten doctors' notes that typically include diagnoses, test results and emergency department records.

What happened? On Thursday, Glens Falls Hospital announced that an outside contractor, which stores medical records for the hospital, left the data of patients on an unprotected server between November and mid-March. A forensic audit led hospital officials to learn of the breach.

What was the response? Notifications were sent to victims. In addition, the hospital set up a call center for patients with inquiries.

Details: Auditors concluded that some patient records may have been accessed or downloaded by intruders. A hospital spokeswoman said Social Security numbers, addresses, and financial information were not on the unsecured server.  

On March 14, the server was taken offline and, since discovering the incident, the hospital fired the contractor, Portal Healthcare Solutions.

Quote: "There's no way to tell how the records were accessed, or even if any actually were,” Darlene Raynsford, a Glens Falls Hospital spokeswoman, said.

Source: www.poststar.com, The Post-Star, Glens Falls Hospital alerts patients of possible information breach,” April 04, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.