South Carolina-based Bon Secours Health System, Inc. recently suffered a potential healthcare. The incident may have affected 665,000 patients. According to the reports, Bon Secours has hired vendor R-C Healthcare Management which made patient files available online as it attempted to adjust its computer network settings.
R-C Healthcare was notified by the facility so that the patient information would no longer be available. Affected information included patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, Social Security numbers, and in some instances, bank account information. However, medical records were not available on the internet.
“We deeply regret any concern this may cause our patients,” Bon Secours said on its website. “To help prevent something like this from happening in the future, we are reinforcing standards with our vendors to ensure our patients’ information is securely maintained.”
Bon Secours mentioned that all patients were not affected. Those who were potentially affected will receive a notification letter in the mail. It also said that the information in the files was not misused in any way.
“If patients see that their insurer has been charged for services or procedures that they did not receive, they should contact their insurer to notify the insurer of their concerns,” the statement said. “Unfortunately, Bon Secours is not able to contact the insurer on the patient’s behalf.”
In previous week another health care data breach was noticed. Professional Dermatology Care, P.C. mentioned that 13,237 were potentially affected in a ransomware attack.
According to the facility criminals wanted to “extract money from the company in order to de-encrypt data, rather than for the misuse of patient data.”
“PDC P.C. has already taken numerous steps to safeguard and prevent any further data breach of its network server and its patients’ protected health information; we have increased cyber security, implemented a new firewall as well as malware protection services,” PDC P.C. stated on its website. “The data breach was immediately reported to the F.B.I. and reports are being provided to the Virginia Office of the Attorney General and to the U.S. Department of Health and Human Services.”
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.