Charleston (W.V.) Area Medical Center and the West Virginia attorney general has taken actions to secure the private information of 3,655 patients affected by a data breach on a CAMC website, according to a news release from the attorney general's office.
The breach was discovered by a People's Federal Credit Union employee during a telephone conversation with her brother-in-law. The brother-in-law had done an online search for an address so that he could invite a relative to a family wedding. He found that the relative's name, address, birth date, Social Security number, patient ID and other sensitive data was easily accessible on WVChamps.com, a CAMC website relating to respiratory and pulmonary rehabilitation for seniors.
Patient information on WVChamps.com had been accessed 94 times, including hits from the attorney general's office and CAMC staff, since the reports were first posted on Sept. 2010. Although no instances of identity theft have yet been identified, the attorney general's office is closely monitoring for any illicit use of patient data. Officers at CAMC have agreed to a number of measures to safeguard the information that was compromised, protect against further breaches and ensure that the hospital's other websites are secure. CAMC has also hired a risk management group to conduct a security assessment.
Read the news release about CAMC's data breach.
Read other coverage about hospital data breaches:
- UMass Amherst Data Breach Affects 942 Patients
- Deloitte: Some Healthcare Organizations Ill-Prepared for Data Breaches
- Henry Ford Health System Loses Information on More Than 2K Patients
The breach was discovered by a People's Federal Credit Union employee during a telephone conversation with her brother-in-law. The brother-in-law had done an online search for an address so that he could invite a relative to a family wedding. He found that the relative's name, address, birth date, Social Security number, patient ID and other sensitive data was easily accessible on WVChamps.com, a CAMC website relating to respiratory and pulmonary rehabilitation for seniors.
Patient information on WVChamps.com had been accessed 94 times, including hits from the attorney general's office and CAMC staff, since the reports were first posted on Sept. 2010. Although no instances of identity theft have yet been identified, the attorney general's office is closely monitoring for any illicit use of patient data. Officers at CAMC have agreed to a number of measures to safeguard the information that was compromised, protect against further breaches and ensure that the hospital's other websites are secure. CAMC has also hired a risk management group to conduct a security assessment.
Read the news release about CAMC's data breach.
Read other coverage about hospital data breaches:
- UMass Amherst Data Breach Affects 942 Patients
- Deloitte: Some Healthcare Organizations Ill-Prepared for Data Breaches
- Henry Ford Health System Loses Information on More Than 2K Patients