Feds May Investigate Data Breach at Kansas' Lawrence Memorial Hospital

Share on Facebook
Lawrence (Kan.) Memorial Hospital may face a federal investigation into a data breach that potentially exposed financial information of more than 8,000 patients, according to a WellCommons report.

Two weeks ago LMH notified the media of a breach of their online bill pay service, provided by Mid Continent Credit Services and hosted on a website by Brick Wire. Information included patients' names, contact information, healthcare providers and credit card and checking account information.

The hospital believes Brick Wire did a system upgrade on Sept. 20 and left a portal open that contained 28 LMH patients' payment records, which were then accessed by Google. The hospital suspects there was a way to use the portal to access a database with information on every patient who used the online bill pay service since 2005.

The potential federal investigation could lead to a $25,000 fine from the Office of Civil Rights. Susan Thomas, the hospital's compliance management director, said the vendors would most likely be responsible for paying the fine because patient privacy was part of the contract, according to the report. In addition, Andy Ramirez, LMH general counsel, said Mid Continent Credit Services agreed the hospital should not be held accountable and that the event was "completely outside the control of the hospital," according to the report.

Related Articles on Data Breaches:

Kansas' Lawrence Memorial Reports Patients' Credit Card Info Publicly Exposed
California's Sutter Health Reports Stolen Computer With 4.2M Patients' Information

Data Breach Potentially Exposes Virginia Commonwealth University Medical Center Employees' Data



© Copyright ASC COMMUNICATIONS 2014. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

New From Becker's Hospital CIO

Health IT boom fueling medical identity theft

Read Now