Home page logo
/

dataloss logo Data Loss mailing list archives

Email intruder causes N.C. hospital data breach
From: security curmudgeon <jericho () attrition org>
Date: Wed, 12 Dec 2012 01:54:23 -0600 (CST)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.clinical-innovation.com/topics/privacy-security/email-intruder-causes-nc-hospital-data-breach

By Beth Walsh
Clinical-Innovation.com
Dec 11, 2012

Approximately 5,600 patients of Carolinas Medical Center-Randolph are 
impacted by a data breach caused by an unauthorized electronic intruder 
who obtained incoming and outgoing emails from a provider's account 
without the provider's or the hospital's knowledge.

The security breach of the Charlotte, N.C. facility was discovered on Oct. 
8 following an upgrade in the hospital?s security software. Based on the 
investigation, the intruder obtained emails from the provider?s account 
between March 11 and Oct. 8, according to a release. Upon discovery of the 
breach, Carolinas HealthCare System hired a forensic investigator and 
notified federal law enforcement of the incident.

Based on information discovered through the investigation, most of the 
obtained emails did not contain patient information. While only five 
emails contained Social Security numbers, several contained some medical 
and other patient information. The emails appear to include one or more of 
the following: patient names, dates and times of service, provider and 
facility names, internal hospital medical record and account numbers, 
dates of birth, and treatment information, such as diagnosis, prognosis, 
medications, results and referrals. Potentially affected patients have 
been sent personal letters explaining the type of information involved.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.

  By Date           By Thread  

Current thread:
  • Email intruder causes N.C. hospital data breach security curmudgeon (Dec 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]