Breach, Data Security

N.C. hospital patient info accessible via internet for longer than two years

Highlands-Cashiers Hospital in North Carolina is notifying about 25,000 patients that their personal information – including Social Security numbers – was accessible via the internet for longer than two years.

How many victims? About 25,000, according to reports

What type of personal information? Names, addresses, dates of birth, treatment information, diagnoses, health insurance information, and Social Security numbers.

What happened? Servers containing patient information were inadvertently left accessible by a third party information technology vendor, TruBridge.

What was the response? Steps were taken to have TruBridge secure the servers and make sure the information is no longer accessible via the internet. All impacted patients are being notified.

Details: The incident was revealed on Sept. 29 during a data security screening of Highlands-Cashiers Hospital computer systems. The servers containing personal information were accessible between May 2012 and September.

Quote: “Forensic computer investigators hired by us found no evidence based upon their investigation that this information was accessed through the internet or used in any way at all,” according to notification posted to the Highlands-Cashiers Hospital website.

Source: hchospital.org, “Notice to Highlands-Cashiers Hospital Patients Regarding Patient Information Privacy,” Nov. 24, 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds