What type of personal information? Names, credit card numbers, birth dates and home addresses.
What happened? The virus struck the computer system on Dec. 11, 2007. Hospital officials thought they were able to fight it off but on Feb. 5, they detected anomalous activity. Forensic investigators who were brought in discovered that the data was possibly exposed.
What was the response? The health care system, which servers four hospitals in central Oregon, issued letters to affected individuals and promised one year of free credit monitoring. The IT department, meanwhile, plans to install another level of virus protection as a result.
Details: The IT staff believes the virus was introduced through a web browser or external device, such as a memory storage stick.
Quote: "A virus can be an insidious thing. We're running our virus sensitivities way up there, even at the expense of slower response times on the system, and we are looking at putting a redundant virus system on top of that other one." - Joe Smith, vice president of strategic planning.
Source: bendbulletin.com, "The Bulletin (Bend, Ore.), "Hospital donor files compromised," March 6.