Clovis hospital warns of security breach
October 3, 2009
Cannon Connections photo: Liliana Castillo A server containing information for about 7,600 Plains Regional Medical Center mammography patients was hacked two years ago in North Carolina, exposing Social Security numbers and other private data.
Although a server containing information for about 7,600 Plains Regional Medical Center mammography patients was hacked two years ago in North Carolina, the hospital administrator expects no ill consequences.
Administrator Hoyt Skabelund said the hospital was notified several days ago the University of North Carolina at Chapel Hill, which developed the software PRMC uses to send follow-up letters to mammography patients, discovered an electronic security breach had occurred in 2007.
“We think it may be limited impact, given that it’s this old,” he said.
The breached files contained names, Social Security numbers and in many cases, dates of birth, addresses, phone numbers, demographic information, insurance status and health history, according to a written statement from the medical center.
Although there have been no reports of problems, Skabelund said the hacker would have been able to see the data. It’s impossible to tell if the information was extracted or recorded, he said.
The university is in the process of mailing letters to each patient whose information was compromised. The letters outline what those individuals can do to protect themselves.
Letters should be arriving in the mail early this week.
Skabelund said hospitals are required to stay in touch with women who have mammograms at their facility and remind them when to have another procedure.
PRMC used the University of North Carolina software, and when the breach occurred, some data was in Chapel Hill for system maintenance and testing.
Normally, the information is kept only at the hospital, Skabelund said.
A few months ago, he said, hospital leaders decided to use a different system for mammography patients’ information.
“It wasn’t caused by this breach, but we are changing software,” Skabelund said.
Even though the University of North Carolina had a good system, he said, hospital personnel are reconfirming the new system is more secure against hacking.
“It’s becoming one of the security risks in this day and age, and we take patient privacy seriously, and we’re making every effort to protect that,” Skabelund said.
Information: 1-877-434-3065 or http://unc.edu/cmr under “CMR Breach Information.”