- It is also reported that 4,000 Social Security numbers were compromised in the breach.
- Personal information included patient names, contact information, and medical record numbers.
A hospital in Rutland suffered a major data breach recently. Rutland Regional Medical Center(RRMC) was victim to a breach that involved more than 70,000 of its patients. Apparently, this incident is said to have occurred a few months ago. Officials of the hospital, however, have said that no information has been misused.
The big picture
- According to the hospital’s press release, an unknown person/entity gained unauthorized access to an employee’s email account.
- The date of the incident is speculated to be Dec.31, 2018.
- Apart from the affected records, over 4,000 Social Security numbers (SSN) were also out in the open.
- Patient names, contact information, and medical record numbers were the other information breached.
- Data files containing patients’ diagnosis are also likely to be exposed as a result of compromised employee email accounts.
- A foreign entity is believed to have committed the data breach.
What actions were taken?
- RRMC has brought in a third-party forensic expert to thoroughly investigate the security incident.
- Furthermore, the hospital informed the U.S. Department of Health and Human Services and the Vermont attorney general’s office of the breach.
- It has also promised to offer credit monitoring services and credit restoration services for those with SSNs compromised.
Why it matters?
Claudio Fort, President, and CEO of RRMC told Rutland Herald about the severity associated with the data breach. “There’s no doubt about it, that’s a very high number. We’re very concerned about that, It’s a limited amount but still, even the fact of identifying whether someone was a patient here at the hospital, we consider it a HIPAA (Health Insurance Portability and Accountability Act) security incident, and we take that very seriously,” said Fort.
Post the incident, RRMC has suggested its patients review any suspicious activity related to their accounts and to be vigilant against identity theft and fraud.