Patient records were compromised at Bon Secours, a Maryland-based, nonprofit, Roman Catholic health care provider.
How many victims? 650,000
What type of information? Personal information of patients – including names, insurance identification numbers, banking information, Social Security numbers and some clinical data.
What happened? The data was exposed on the internet for four days after R-C Healthcare Management, a firm that helps hospitals with Medicaid reimbursements, adjusted network settings which resulted in the exposure online of personally identifiable information on Bon Secours patients in three states.
What was the response? The exposure was detected by Bon Secours on June 14. They notified R-C Healthcare, which claimed to take steps "to secure the information so that it could no longer be accessed via the internet,” according to a prepared statement. The health system also launched an internal investigation and started notifying affected patients by mail on August 12. The health system also extended to affected individuals a year's membership to identity protection services.
Quote: "The investigator confirmed the incident has been fully remediated. All R-C customers who might be affected have been notified of the situation and its resolution." – K. Michael Webdale, CEO, R-C Healthcare ManagementSource: HealthcareITNews / lohud