[BreachExchange] Personal information for thousands of Bon Secours patients left online

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 12 13:56:34 EDT 2016 

http://wtvr.com/2016/08/12/bon-secours-data-exposed/

Bon Secours Health System is alerting more than 650,000 patients after
personal information was left unsecured on the internet. Data left exposed
included patient names, health insurer’s names, health insurance
identification numbers, social security numbers, and clinical information.

Bon Secours operates St. Mary’s Hospital in Henrico, Memorial Regional
Medical Center in Mechanicsville, Richmond Community Hospital in Richmond,
St. Francis Medical Center in Midlothian, and Rappahannock General Hospital
in Kilmarnock. Around 437,000 of the 650,000 impacted patients are in Bon
Secours Virginia, which includes both Bon Secours Richmond Health System
and Bon Secours Hampton Roads Health System.

The data was available online when a company working for Bon Secours
adjusted its network settings and “inadvertently left files containing
patient information accessible on the internet,” a Bon Secours spokesperson
said. Bon Secours discovered the mistake in June and “immediately notified
R-C Healthcare to secure the files.”

“Bon Secours has no knowledge or indication of fraudulent activity
resulting from R-C Healthcare’s oversight, but is making identity
protection, credit monitoring and alert services available to affected
patients for one year at no expense to the patient,” the Bon Secours Health
System spokesperson continued. “Medical records were not included, and Bon
Secours has no knowledge that the information contained within the files
has been misused in any way.”

Bon Secours is sending letters to affected patients. More information is
here (https://bonsecours.com/notice).

“We take the privacy and security of our patients’ information very
seriously and require our vendors to do the same,” Richard Statuto, Bon
Secours president and CEO, said in a statement. “In addition to notifying
all those potentially involved and providing them with identity protection
and credit monitoring, we are working with all of our vendors to reinforce
our high standards and expectations regarding privacy and security of
information.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160812/ec19f200/attachment.html>

More information about the BreachExchange mailing list