American College of Cardiology breach affects 1,400 institutions

The American College of Cardiology has notified 1,400 institutions some patient data may have been compromised after the data was inadvertently made available to a third party vendor.

During a software redesign of the ACC's national cardiovascular data registry, a table of patient data was copied into the software test environment sometime between 2009 and 2010, and the incident was discovered in December, says Beth Casteel, a spokeswoman for the ACC.

Ms. Casteel says this was one table among 250 others that were populated with fabricated data to use during software development.

Healthcare organizations participate in the ACC's national cardiovascular data registry, providing data on patients and procedures to measure their cardiovascular care. The ACC contacted all hospitals whose patient data may have been accessed and provided them with documentation of the organization's investigation into the incident, Ms. Casteel says.

Pensacola, Fla.-based Sacred Heart Health System was one of the affected organizations. On Feb. 16, the ACC notified the health system the names, birth dates, Social Security numbers and internal patient identification numbers of 532 patients may have been compromised.

While ACC cannot share the names of other affected organizations due to confidentiality agreements, Ms. Casteel says Sacred Heart had more patients whose information was involved in the incident than most other affected organizations. The average number of patients involved per institution was fewer than 70, she says.

"The ACC has no reason to believe that anyone besides employees and trusted vendors accessed protected patient data," Ms. Casteel says. "Patient privacy is of paramount importance to the ACC and the National Cardiovascular Data Registry. Since this episode occurred but before it was discovered by the ACC, we have improved security controls, and we continue to update security processes and monitoring to ensure best practices are followed for protecting patient data."

More articles on data breaches:

Palm Beach County Health Department breached
7 latest data breaches
Einstein Health Network informs 3,000 patients of data breach: 5 things to know

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Whitepapers

Featured Webinars