9,000 Concord Hospital Patient’s Online Data Exposed By A Breach
Concord Hospital has come up with the news that private information of almost 9,000 patients was exposed on the internet from more than one month. Hospital authorities informed the patients in a letter mailed on Friday (June 8, 2007) and then confirmed this violation of law on Friday (June 9, 2007).
On April 12, 2007, Verus, Inc., an online billing contractor located in Bellevue Wash., impaired the functioning of an electric firewall, which protects the data during its maintenance, and unintentionally left it turn off. They told the hospital about this breach on May 30, 2007.
According to the reports of Boston Herald on June 10, 2007, Concord Hospital president and CEO Michael Green cautions the users against identity theft and hacking. Although, information about medical and credit card data was not exposed, still he asks users to be more careful as their personal data has been accessed eight times.
Green continues by adding that they have no idea regarding how the data will be used for illegal purpose. He said that it took around a week to conduct a survey to find out the depth of the problem and then to send a letter through the mail.
From June 3, 2007 to June 10, 2007, the hospital carried out an investigation and reported that the stolen data has only demographic information about patients. The subcontractor also has a database containing details about patient's bill, but it was never revealed on Internet.
On Friday June 8, 2007 the hospital informed and sent the letter to the bureau of attorney general for consumer protection. The authorities suggest that the patients keep fraud alerts on their credit files by keeping in contact with one of the prominent credit-reporting agencies.
Green is regretful about the inconvenience caused to patients and held it as a human error. Meanwhile, talks are going with lawyers about some technique of online billing provider. Further, for the time being, it has closed down the option of "my bill" Web payment.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 22-06-2007