[ISN] Email intruder causes N.C. hospital data breach

From: InfoSec News <alerts_at_private>
Date: Wed, 12 Dec 2012 00:34:47 -0600 (CST)

By Beth Walsh
Dec 11, 2012

Approximately 5,600 patients of Carolinas Medical Center-Randolph are 
impacted by a data breach caused by an unauthorized electronic intruder 
who obtained incoming and outgoing emails from a provider's account 
without the provider's or the hospital's knowledge.

The security breach of the Charlotte, N.C. facility was discovered on 
Oct. 8 following an upgrade in the hospital’s security software. Based 
on the investigation, the intruder obtained emails from the provider’s 
account between March 11 and Oct. 8, according to a release. Upon 
discovery of the breach, Carolinas HealthCare System hired a forensic 
investigator and notified federal law enforcement of the incident.

Based on information discovered through the investigation, most of the 
obtained emails did not contain patient information. While only five 
emails contained Social Security numbers, several contained some medical 
and other patient information. The emails appear to include one or more 
of the following: patient names, dates and times of service, provider 
and facility names, internal hospital medical record and account 
numbers, dates of birth, and treatment information, such as diagnosis, 
prognosis, medications, results and referrals. Potentially affected 
patients have been sent personal letters explaining the type of 
information involved.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Tue Dec 11 2012 - 22:34:47 PST

This archive was generated by hypermail 2.2.0 : Tue Dec 11 2012 - 22:39:28 PST