Vendor misconfiguration breaches Children's National Health System patient data

Children's National Health System in Washington, D.C., is notifying patients and families of a potential data breach after a third-party vendor inadvertently misconfigured a network that allowed healthcare information to be found online.

Ascend Healthcare Systems provided medical transcription services to Children's NationalMedicalCenter, and the misconfiguration permitted transcription documents held in the network that stores and transfers computer files to be located through search engines, including Google. Certain transcriptions were searchable from Feb. 19 to Feb. 25.

Those documents may have contained patient names, birthdates, medications and physician notes regarding diagnoses and treatments. The documents did not contain billing or financial information, credit card numbers, Social Security numbers or banking information.

The incident affects patients whose dictated notes were sent to Ascend for transcription between May 1, 2014, and June 23, 2014.

Children's National asked Ascend to remove the information from the Internet. The health system stopped doing business with Ascend June 23, 2014.

The health system says it is unaware any of the information has been accessed or misused.

More articles on data breaches:

HHS' OCR to develop guide on preparing for, responding to ransomware 
Florida Medical Clinic notifies 1,000 patient of data breach after Greenway Health mistake 
Data breach at Iowa hospital affects 1,620 

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months