CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 27th, 2008

Intruder Gains Access To 128,000 Patients Database In Saint Mary’s Regional Medical Center Website Breach

Saint Mary’s Regional Medical Center recently discovered that an intruder may have gained access to a proprietary database through the on-line registration area of Saint Mary’s public facing website. The database is used for health education classes and wellness programs and contains personal information including name, address, limited health information and some Social Security numbers. The database did not contain any hospital medical records or credit card numbers. The potential breach was discovered in April 28.

Saint Mary’s Regional Medical Center sent warning letters this month to about 128,000 patients and clients. Saint Mary’s officials said they immediately shut down the database and launched an investigation with Equifax, which is one of the three major credit agencies. The medical center hired the Equifax company to investigate the breach, reconstruct the database, set up a dedicated hot line and compile addresses for the notification of customers.

According to same officials, the delay (almost 3 months) in notifications occurred because the database had to be reconstructed. Saint Mary’s has no evidence that any identity theft or fraud has occurred as a result of this incident, but is notifying in writing all persons whose information was included in the database.

Several recipients of the letters expressed concern about the nature of the database, including its size, about 128,000 records, and how their information was collected. Saint Mary’s officials said they were trying to determine if everyone affected was informed and the records were compiled properly. Others wondered how Saint Mary’s managed to find them and whether the center keeps personal information for decades after treatment. Saint Mary’s officials said the database is “absolutely separate” from hospital medical records.

Saint Mary’s Regional Medical Center have put new security measures in place to minimize the likelihood of this occurring again, said Saint Mary’s president and CEO. Free credit monitoring is being offered to those customers whose Social Security numbers were in the database. More information is available on Saint Mary’s website at www.saintmarysreno.org, or by calling Saint Mary’s infoline at 775-770-7711.

Share this item with others:

More on CyberInsecure:
  • Patients Personal Data Compromised In Walter Reed Army Medical Center
  • University Of California At San Francisco Patients Records Exposed
  • UK Prime Minister’s Health Records Breached In 2.5 Million People Database Attack
  • University Of Massachusetts Amherst’s Health Services Network Breached By Hackers
  • Hundreds Of UCLA Medical Employees Abused Privilege And Looked Into Celebrities Medical Records

    • Posted in Breaches And Incidents, Data Theft, Privacy | Print This Post Print This Post

    This entry was posted on Sunday, July 27th, 2008 at 10:15 am and is filed under Breaches And Incidents, Data Theft, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Intruder Gains Access To 128,000 Patients Database In Saint Mary’s Regional Medical Center Website Breach

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »