[BreachExchange] Rutland hospital notifying 74K hit by data breach

Destry Winant destry at riskbasedsecurity.com
Fri Mar 22 08:54:27 EDT 2019


Thousands of people were notified this week about a data breach at the
Rutland Regional Medical Center that put their private information at

Now, some say the hospital should have done more to prevent it and
notified patients sooner.

The hospital says they were notified about the breach in December
after an employee noticed a large number of spam emails being sent
from the hospital's account. Now, files containing personal
information of more 72,000 people could be in jeopardy.

Information like names, medical records, billing and contact
information could be accessed as a result.

The hospital says the email account also contained more than 3,500
Social Security numbers.

Earlier this week, the hospital sent out letters to affected patients
to let them know about the breach.

Loyal Wescott was one of those patients that received his letter
Wednesday morning. He says he should have been notified weeks ago and
wants the hospital to be held accountable.

"They didn't know anything," Wescott said. "I realize that the mail
takes a couple of days, but not all the way to March 15th of this

The hospital says it can't say if any information was actually
accessed, but a spokeswoman for the hospital says they have doubled
down on security.

The hospital says a new IT specialist was hired, and they're
conducting security audits. Staff is also getting trained on patient
security and software to prevent another breach from happening again.

More information about the BreachExchange mailing list