Hospital data breaches continue to pile up

A timely reminder just as health IT professionals head off to HIMSS11: compromised PHI is still a headline grabber. Just days after learning the confidential personal health data of roughly 1.7 million New York City patients, staff members and others affiliated with four Bronx hospitals was stolen in December, the West Virginia Attorney General’s Office has acknowledged that the personal information of 3,655 patients at the Charleston Area Medical Center (CAMC) was placed onto a publicly available Web site.

I’m not going to beat a dead horse here because I know healthcare’s CIOs have been working hard to get a handle on patient data breaches, but enough’s enough already.
 
As InfoSecurity.com reports, in the case of CAMC: “The breach was discovered by Lorrie Lane during a telephone conversation with her brother-in-law, who had done an online search for an address so that he could invite a relative to a family wedding. He found that the relative’s name, address, birth date, social security number, patient ID, and other sensitive data was easily accessible on WVChamps.com, a CAMC website relating to respiratory and pulmonary rehabilitation for seniors. Lane then contacted the Attorney General’s Office about the data breach.”
 
The rest, as they say, is history. CAMC responded by doing what you’d expect them to do; they’ve hired a risk management group to perform a security assessment of the hospital's networks and they’re offering data breach victims an option to place a security freeze on their credit reports paid for by CAMC, a one-year enrollment in a credit report monitoring plan from Equifax, and a call center with a toll-free number for questions about the breach.
 
According to the InfoSecurity.com report, the Attorney General’s Office said it will run free credit reports for anyone whose information was included on the compromised Web site.
 
Barn door closed. Whereabouts of horse unknown.

Photo obtained from CAMC Health System.