Third-party security flaw exposes information of nearly 9k Silver Cross patients

New Lenox, Ill.-based Silver Cross Hospital on June 14 discovered a third-party website management vendor may have exposed patient information.

Individuals can submit information and inquiries to Silver Cross via various forms on its website. The vendor that manages and hosts data from these forms performed a software upgrade in November 2016, which reconfigured security settings in a way that made data available on the internet, according to an investigation by a third-party forensics firm.

Silver Cross officials reported 8,862 individuals were affected in the incident, according to an Aug. 11 submission to HHS' Office for Civil Rights breach portal. The incident impacted data submitted to web forms between January 2013 and June 14, 2017, such as names, dates of birth and provider information, among other information.

There is no evidence an unauthorized person accessed sensitive information on any of the affected forms, according to Silver Cross. Upon discovering the issue, Silver Cross officials immediately contacted the vendor to secure data from potential unauthorized access. Officials are working with the vendor to implement security reconfigurations and to conduct a detailed assessment of its security practices.

Silver Cross also offered affected individuals one year of free credit monitoring services.

"This was an isolated incident and there is no evidence that anyone's information was taken," a Silver Cross spokesperson told Becker's Hospital Review via email. "However, because there was the potential for information stored at the vendor to be obtained on the internet, we notified anyone who may have been impacted and voluntarily notified the proper authorities."


© Copyright ASC COMMUNICATIONS 2020.

