- South Carolina-based Bon Secours Health System, Inc. announced last week that it experienced a potential healthcare data breach that may affect 665,000 patients.
R-C Healthcare Management is a vendor that works with Bon Secours, and inadvertently made patient files available online as it attempted to adjust its computer network settings from April 18, 2016 to April 21, 2016, Bon Secours said in a statement.
Bon Secours made the discovery on June 14, 2016, and added that it immediately notified R-C Healthcare so that the patient information would no longer be available.
Available files may have included patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, Social Security numbers, and in some instances, bank account information. However, medical records were not available on the internet.
“We deeply regret any concern this may cause our patients,” Bon Secours said on its website. “To help prevent something like this from happening in the future, we are reinforcing standards with our vendors to ensure our patients’ information is securely maintained.”
Not all Bon Secours patients were affected, but the health system said that those who were potentially affected will receive a notification letter in the mail. Letters began to be sent out on August 12, 2016.
Bon Secours explained that there is no indication that the information in the files was misused in any way, however it recommends that affected patients review statements from their health insurance providers.
“If patients see that their insurer has been charged for services or procedures that they did not receive, they should contact their insurer to notify the insurer of their concerns,” the statement said. “Unfortunately, Bon Secours is not able to contact the insurer on the patient’s behalf.”
Just last week, Professional Dermatology Care, P.C. announced that 13,237 were potentially affected in a ransomware attack that occurred between June 19, 2016 and June 27, 2016.
The Virginia practice said that the criminals likely wanted to “extract money from the company in order to de-encrypt data, rather than for the misuse of patient data.”
“PDC P.C. has already taken numerous steps to safeguard and prevent any further data breach of its network server and its patients’ protected health information; we have increased cyber security, implemented a new firewall as well as malware protection services,” PDC P.C. stated on its website. “The data breach was immediately reported to the F.B.I. and reports are being provided to the Virginia Office of the Attorney General and to the U.S. Department of Health and Human Services.”