NY Hospital Reports Internet BreachInformation on 6,800 Patients Vulnerable
"The information was inadvertently exposed on a web page, and as soon as this error was discovered, we made sure that the web page was removed," according to a hospital statement.
Only 10 of the patients had their Social Security numbers exposed. Other information included patient names, as well as a variety of other data, including age, vital signs, medications and lab test results. In most cases, not all of this information was included. The hospital says it has no evidence that any of the information has been misused.
The hospital is offering all affected patients one year's free membership in a credit protection service. It's also "strengthening our information and security systems and enhancing our employees' awareness," according to the statement.
The incident, discovered July 29, was not reported sooner because the hospital was investigating the details. Under the HITECH Act's interim final breach notification rule, breaches affecting 500 or more individuals must be reported to those affected and the Department of Health and Human Services' Office for Civil Rights within 60 days.