In August, Children’s Minnesota discovered that internal calendars for some of its staff were misconfigured, allowing the calendars to be viewed and accessed by unauthorized people. Upon further investigation, officials learned that this error dated back to December 2011.
The calendar entries showed patient appointments, which included limited demographic and clinical information. Patient data that may have been exposed included names, medical record account numbers, insurance account numbers, dates of birth, appointment times and locations, dates of service, names or abbreviations of procedures, names and healthcare providers and insurance carriers.
Children’s Minnesota said there is no evidence that patient information has been misused.
More articles on cybersecurity:
Dr. David Feinberg responds to criticism of Ascension, Google project
Indiana physician group warns 3,500 patients of data breach
Ascension’s Eduardo Conrado: Fulfilling the promise of digital health information
