Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Email intruder causes N.C. hospital data breach

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 12 Dec 2012 00:34:47 -0600 (CST)
http://www.clinical-innovation.com/topics/privacy-security/email-intruder-causes-nc-hospital-data-breach

By Beth Walsh
Clinical-Innovation.com
Dec 11, 2012
Approximately 5,600 patients of Carolinas Medical Center-Randolph are impacted by a data breach caused by an unauthorized electronic intruder who obtained incoming and outgoing emails from a provider's account without the provider's or the hospital's knowledge.
The security breach of the Charlotte, N.C. facility was discovered on Oct. 8 following an upgrade in the hospital’s security software. Based on the investigation, the intruder obtained emails from the provider’s account between March 11 and Oct. 8, according to a release. Upon discovery of the breach, Carolinas HealthCare System hired a forensic investigator and notified federal law enforcement of the incident.
Based on information discovered through the investigation, most of the obtained emails did not contain patient information. While only five emails contained Social Security numbers, several contained some medical and other patient information. The emails appear to include one or more of the following: patient names, dates and times of service, provider and facility names, internal hospital medical record and account numbers, dates of birth, and treatment information, such as diagnosis, prognosis, medications, results and referrals. Potentially affected patients have been sent personal letters explaining the type of information involved. 

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: