Medical records of 2k patients left unprotected on contractor's server

Medical records of 2k patients left unprotected on contractor's server

Thousands of patients of a New York state hospital had their medical records exposed when they were left unprotected on a third-party server for several months. 

How many victims? More than 2,300.  

What type of personal information? Medical records, including handwritten doctors' notes that typically include diagnoses, test results and emergency department records.

What happened? On Thursday, Glens Falls Hospital announced that an outside contractor, which stores medical records for the hospital, left the data of patients on an unprotected server between November and mid-March. A forensic audit led hospital officials to learn of the breach.

What was the response? Notifications were sent to victims. In addition, the hospital set up a call center for patients with inquiries.

Details: Auditors concluded that some patient records may have been accessed or downloaded by intruders. A hospital spokeswoman said Social Security numbers, addresses, and financial information were not on the unsecured server.  

On March 14, the server was taken offline and, since discovering the incident, the hospital fired the contractor, Portal Healthcare Solutions.

Quote: "There's no way to tell how the records were accessed, or even if any actually were,” Darlene Raynsford, a Glens Falls Hospital spokeswoman, said.

Source: www.poststar.com, The Post-Star, “Glens Falls Hospital alerts patients of possible information breach,” April 04, 2013.