Feds May Investigate Data Breach at Kansas' Lawrence Memorial Hospital
Two weeks ago LMH notified the media of a breach of their online bill pay service, provided by Mid Continent Credit Services and hosted on a website by Brick Wire. Information included patients' names, contact information, healthcare providers and credit card and checking account information.
The hospital believes Brick Wire did a system upgrade on Sept. 20 and left a portal open that contained 28 LMH patients' payment records, which were then accessed by Google. The hospital suspects there was a way to use the portal to access a database with information on every patient who used the online bill pay service since 2005.
The potential federal investigation could lead to a $25,000 fine from the Office of Civil Rights. Susan Thomas, the hospital's compliance management director, said the vendors would most likely be responsible for paying the fine because patient privacy was part of the contract, according to the report. In addition, Andy Ramirez, LMH general counsel, said Mid Continent Credit Services agreed the hospital should not be held accountable and that the event was "completely outside the control of the hospital," according to the report.
Related Articles on Data Breaches:Kansas' Lawrence Memorial Reports Patients' Credit Card Info Publicly Exposed
California's Sutter Health Reports Stolen Computer With 4.2M Patients' Information
Data Breach Potentially Exposes Virginia Commonwealth University Medical Center Employees' Data
© Copyright ASC COMMUNICATIONS 2015. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.
To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.
New From Becker's Hospital CIO