A file containing personal information – including Social Security numbers and payment card data – on almost 9,000 patients of HealthSource of Ohio (HSO) was viewed 47 times in the roughly five-week span it was made available on the internet.
How many victims? About 8,800.
What type of personal information? Names, addresses, dates of birth, phone numbers, account numbers, Social Security numbers, payment card numbers, and some limited healthcare information.
What happened? A file containing the personal information was made available on the internet.
What was the response? HSO disabled access to the information and completed an investigation. Impacted patients are being notified.
Details: HSO learned on Dec. 24, 2013, that the personal information – dating from 2004 to 2013 – was made available on the internet from Nov. 18, 2013, to Dec. 24, 2013. An investigation revealed that the information was viewed 47 times. The personal data comes from a web software that HSO uses to provide billing information to patients.
Source: healthsourceohio.com, “Privacy Breach,” March 2014.