An Ohio pediatric hospital is notifying patients and donors – totaling as many as 240,000 people – that their personal information may have been compromised by hackers.
Akron Children's Hospital said in a statement on its website that hackers obtained access to two separate computer databases containing the personal information of donors, hospital patients and their parents and guardians.
One compromised database contained the names, addresses, Social Security numbers and birth dates of patients and parents. An investigation into the matter has found no evidence that any of the information was exposed, according to a hospital statement.
The second breached database contained the financial information – including unencrypted bank account and routing numbers – of hospital donors.
The patient and family database contained the personal information of about 230,000, while the other database contained that of 12,000 donors, according to press reports.
The breach was discovered Sept. 6. The hospital did not notify law enforcement authorities until more than a month later, however, because it employed a consulting firm to investigate.
The investigation found no evidence that the information was downloaded or compromised, but the opportunity to view the data existed, according to the hospital.
"We wanted to understand the full scope of the situation before we notified people. So as soon as we identified the unauthorized entries, we contacted a computer security consulting firm, to begin a forensic investigation to determine the extent of the breach," read a statement form the hospital. "In addition, we needed to consult with the appropriate authorities so we knew exactly what steps we needed to take. We also began the process of establishing an information line and website to help answer questions related to this situation."
Click here to email Frank Washkuch Jr.