A recent data breach at a research subsidiary of 821-bed Charleston (W. Va.) Area Medical Center has prompted the state's attorney general to shut down a compromised website and take steps to ensure identity protection for the 3,655 affected patients.
According to a news release from West Virginia Attorney General Darrell McGraw’s office, the hospital has taken protective measures, including hiring an outside risk management group, to prevent future security problems.
The breach occurred within the CAMC Health Education and Research Institute and was discovered when a patient was told by a family member that her name, Social Security number, birth date and other personal information was easily accessible on a CAMC website. The patient quickly notified the attorney general’s office, according to the statement.
The patients’ data had been accessed more than 90 times since the information was first posted on a site set up by a contractor working for CAMC in September 2010. No evidence of identity theft has been discovered so far, officials said. Most of the site’s hits were from hospital staff, but some were traced to India and Germany, according to McGraw's office.
The hospital is offering to pay for security freezes on patients' credit reports and one-year credit monitoring plans. CAMC has also set up a call center and help line. The attorney general's office said it will issue free credit reports for all patients whose data was compromised.
Source: http://www.modernhealthcare.com/article/20110217/NEWS/302179989/1153