Medical records of 2k patients left unprotected on contractor's server

Share this article:
Medical records of 2k patients left unprotected on contractor's server
Medical records of 2k patients left unprotected on contractor's server

Thousands of patients of a New York state hospital had their medical records exposed when they were left unprotected on a third-party server for several months. 

How many victims? More than 2,300.  

What type of personal information? Medical records, including handwritten doctors' notes that typically include diagnoses, test results and emergency department records.

What happened? On Thursday, Glens Falls Hospital announced that an outside contractor, which stores medical records for the hospital, left the data of patients on an unprotected server between November and mid-March. A forensic audit led hospital officials to learn of the breach.

What was the response? Notifications were sent to victims. In addition, the hospital set up a call center for patients with inquiries.

Details: Auditors concluded that some patient records may have been accessed or downloaded by intruders. A hospital spokeswoman said Social Security numbers, addresses, and financial information were not on the unsecured server.  

On March 14, the server was taken offline and, since discovering the incident, the hospital fired the contractor, Portal Healthcare Solutions.

Quote: "There's no way to tell how the records were accessed, or even if any actually were,” Darlene Raynsford, a Glens Falls Hospital spokeswoman, said.

Source: www.poststar.com, The Post-Star, Glens Falls Hospital alerts patients of possible information breach,” April 04, 2013.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.

Document posted to California city website, employee data accessed

In California, a document posted to the City of Encinitas website contained data on hundreds of current and former city staffers.