BreachExchange mailing list archives
Sentara taking action to protect patients after security breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 3 Jan 2013 10:38:35 -0600
http://wtkr.com/2013/01/02/sentara-taking-action-to-protect-patients-after-security-breach/ Sentara Healthcare System is taking action to protect its patients after someone stole a contractor’s laptop in California. “Fortunately, the amount of information was limited to patients’ names, medications and date of births. There was no financial information involved, no social security numbers or insurance information,” said Greg Burkhart, the Chief Privacy Officer for Sentara. Burkhart tells NewsChannel 3 that he does not believe any personal data has been accessed or used improperly since the security breach. But the contractor, Omnicell Inc., is still notifying patients through a letter out of caution. “We’ve been working with them [Omnicell] since they advised us of the incident. They [Omnicell] have changed security protocols, they’ve provided employee information and updated security policies. They’ve [Omnicell] been working with us to get to the bottom of this incident and advised everyone that needs to know,” Burkhart said. Anyone treated between October 18th and November 9th at any of Sentara’s seven hospitals and three outpatient care centers in our area may have been affected. Ominicell is also now requiring all contractors and vendors to use encryption software when accessing patient information as part of an agreement with Sentara. “We trust that this problem will not occur again,” said Burkhart. The letters were mailed to all affected patients beginning this week. If you do not receive a letter by January 21 or still have some concerns, you can call 1-855-755-8482 and enter the reference code 6236121712. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Sentara taking action to protect patients after security breach Erica Absetz (Jan 03)