Medical records of 2k patients left unprotected on contractor's server

Share this article:
Medical records of 2k patients left unprotected on contractor's server
Medical records of 2k patients left unprotected on contractor's server

Thousands of patients of a New York state hospital had their medical records exposed when they were left unprotected on a third-party server for several months. 

How many victims? More than 2,300.  

What type of personal information? Medical records, including handwritten doctors' notes that typically include diagnoses, test results and emergency department records.

What happened? On Thursday, Glens Falls Hospital announced that an outside contractor, which stores medical records for the hospital, left the data of patients on an unprotected server between November and mid-March. A forensic audit led hospital officials to learn of the breach.

What was the response? Notifications were sent to victims. In addition, the hospital set up a call center for patients with inquiries.

Details: Auditors concluded that some patient records may have been accessed or downloaded by intruders. A hospital spokeswoman said Social Security numbers, addresses, and financial information were not on the unsecured server.  

On March 14, the server was taken offline and, since discovering the incident, the hospital fired the contractor, Portal Healthcare Solutions.

Quote: "There's no way to tell how the records were accessed, or even if any actually were,” Darlene Raynsford, a Glens Falls Hospital spokeswoman, said.

Source: www.poststar.com, The Post-Star, Glens Falls Hospital alerts patients of possible information breach,” April 04, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.