Presbyterian Anesthesia reports data breach affecting nearly 10, 000

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.charlotteobserver.com/2013/05/13/4039763/presbyterian-anesthesia-reports.html

The credit card information of nearly 10,000 people may have been
accessed in a data breach at a Charlotte medical practice.

Presbyterian Anesthesia Associates has disclosed that a hacker broke
through a security flaw of the practice’s website to gain access to a
database of personal information, including names, contact
information, dates of birth and credit card numbers for 9,988 people.

No medical information was compromised, the practice said.
Presbyterian Anesthesia notified the FBI, which has launched an
investigation, Presbyterian Anesthesia said in a statement. The FBI
declined to comment.

Presbyterian Anesthesia could not be reached for comment Monday.

The practice has hired an identity theft firm to provide free
monitoring and insurance for people who were affected. It’s also
contracted with a new company to build a more secure website, and an
IT security firm to audit its operations.

Data breaches have become increasingly common as more financial
transactions migrate online. More than 1,500 separate instances
involving 4.8 million people in North Carolina have been reported
since 2005, according to the N.C. Department of Justice.

North Carolina law requires organizations to disclose data breaches to
the people affected and to the state justice department.

In December, Carolinas HealthCare System disclosed that about 5,600
patients at its Randolph Road location may have had personal
information compromised. After upgrading computer software, the
hospital system found that an “electronic intruder” gained access to
emails sent by the hospital between March and October 2012.

CHS said few contained personal information, though about five had
Social Security numbers. The hospital provided free credit monitoring
and notified state and federal authorities.

Earlier last year, UNC Charlotte found that bank account information
and Social Security numbers of more than 350,000 students and faculty
had been exposed. UNCC brought in law enforcement to investigate but
said it did not believe any information had been accessed or used
improperly. OBSERVER RESEARCHER MARIA DAVID CONTRIBUTED.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.