The hospital said a limited dataset was unintentionally saved in unencrypted files and posted online through an application development site May 2015. A security expert discovered the privacy issue April 29, 2017, and reported it to the hospital, according to The Gazette. The hospital deleted all files May 1, 2017, shortly after it learned about the incident.
Hospital officials said there is no indication any information — which included patient names, dates of admission and medical record numbers — was misused or “further disclosed.”
“UI Health Care understands the serious nature of any potential breach — no matter how limited — so it has conducted a thorough investigation, identified and mitigated the risks, and strengthened its training and information oversight efforts to prevent a similar occurrence,” hospital officials told Becker’s in an emailed statement.
Click here to read UI Health Care’s public notice.
More articles on health IT:
Microsoft, other tech companies use robotics to address Zika
athenahealth: 5 thoughts on proposed Quality Payment Program
