Medical records of 2k patients left unprotected on contractor's server

Share this article:
Medical records of 2k patients left unprotected on contractor's server
Medical records of 2k patients left unprotected on contractor's server

Thousands of patients of a New York state hospital had their medical records exposed when they were left unprotected on a third-party server for several months. 

How many victims? More than 2,300.  

What type of personal information? Medical records, including handwritten doctors' notes that typically include diagnoses, test results and emergency department records.

What happened? On Thursday, Glens Falls Hospital announced that an outside contractor, which stores medical records for the hospital, left the data of patients on an unprotected server between November and mid-March. A forensic audit led hospital officials to learn of the breach.

What was the response? Notifications were sent to victims. In addition, the hospital set up a call center for patients with inquiries.

Details: Auditors concluded that some patient records may have been accessed or downloaded by intruders. A hospital spokeswoman said Social Security numbers, addresses, and financial information were not on the unsecured server.  

On March 14, the server was taken offline and, since discovering the incident, the hospital fired the contractor, Portal Healthcare Solutions.

Quote: "There's no way to tell how the records were accessed, or even if any actually were,” Darlene Raynsford, a Glens Falls Hospital spokeswoman, said.

Source: www.poststar.com, The Post-Star, Glens Falls Hospital alerts patients of possible information breach,” April 04, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.