Vermont community hospital notifies 32,000 after data breach: 4 things to know

Julie Spitzer - Print  | 

The University of Vermont Health Network-Elizabethtown (N.Y.) Community Hospital is notifying 32,000 patients after an unauthorized individual breached an employee's email account in October.

Here are four things to know:

1. The unauthorized individual remotely accessed one hospital employee's email accounts. The hospital's computer networks and EMR were not affected.

2. Potentially compromised information included names, dates of birth, addresses, and limited medical information such as medical record numbers, dates of service and a brief summary of services provided. The account also contained Social Security numbers of 1,200 individuals.

3. The hospital has no evidence that any information contained in the account was viewed or used, but the hospital's investigation is ongoing.

4. "While we haven’t determined that any individual record was accessed, we are taking a broad approach in notifying anyone who could possibly be affected by this incident so they can take proactive measures to protect their information," the hospital's notice states. "Through our ongoing investigation, it's possible that we'll find that fewer individuals were affected."

More articles on cybersecurity:

Hospitals hit in nationwide bomb threat scam
Why the 1-size-fits-all approach doesn't work for hospital cybersecurity: Q&A with Proficio CISO Dickon Smart-Gill
5 most-read cybersecurity stories in 2018

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.