Highlands-Cashiers Hospital in North Carolina is notifying about 25,000 patients that their personal information – including Social Security numbers – was accessible via the internet for longer than two years.
How many victims? About 25,000, according to reports.
What type of personal information? Names, addresses, dates of birth, treatment information, diagnoses, health insurance information, and Social Security numbers.
What happened? Servers containing patient information were inadvertently left accessible by a third party information technology vendor, TruBridge.
What was the response? Steps were taken to have TruBridge secure the servers and make sure the information is no longer accessible via the internet. All impacted patients are being notified.
Details: The incident was revealed on Sept. 29 during a data security screening of Highlands-Cashiers Hospital computer systems. The servers containing personal information were accessible between May 2012 and September.
Quote: “Forensic computer investigators hired by us found no evidence based upon their investigation that this information was accessed through the internet or used in any way at all,” according to notification posted to the Highlands-Cashiers Hospital website.
Source: hchospital.org, “Notice to Highlands-Cashiers Hospital Patients Regarding Patient Information Privacy,” Nov. 24, 2014.