Officials at Lawrence Memorial Hospital in the US said they are anticipating a federal investigation and a possible fine after an online security breach potentially compromised 8,000 patients’ financial information.
Ouch!
The breach apparently occurred around 20 September when a company that hosts the hospital’s online bill paying service was upgrading its system. The company apparently left a portal open that contained payment records from only 28 patients. That information was crawled by Google, and not only that: the results were also cached and kept public. Ouch!
That hurts even more!
Officials from the Lawrence Memorial Hospital also believe that, from that portal, there was a way to access a database containing information on every patient who had used the online bill pay system since it was first offered in 2005.
Please stop!
The hospital learned about the security breach on 28 October. And guess how: a patient using Google to search her husband’s name found his financial information online. Just imagine…
Some more background information:
- the hospital did not own or maintain the computers that operated the online bill pay system.
- the hospital wasn’t hacked and the hospital described the situation as a “self-inflicted wound” by the company that hosted the billing service.
- if a federal investigation leads to a fine, the vendors most likely would be responsible for paying it because the contract required them to keep patient records private.
- the hospital has been advising patients to take steps that would make them feel more comfortable — whether it be putting a lock on the account or obtaining a new bank card.
- two patients have contacted the hospital so far about charges to their accounts they consider suspicious.