Concord Hospital Notifies Patients of Subcontractor’s Security Lapse

CONCORD, N.H. – On June 8, Concord Hospital notified more than 9,000 patients and/or guarantors of a security lapse that occurred at a subcontractor’s facility that resulted in patients’ personal information being exposed on the Internet.

As soon as the lapse was identified, the problem was rectified and the personal information that was at risk was immediately secured. No credit card information was exposed, and to the hospital’s knowledge, no personal health information was at risk or compromised. However patients’ names, addresses, dates of birth and social security numbers were unprotected for a period of time.

“All of us at Concord Hospital are greatly distressed by this situation and truly sorry for any stress or inconvenience this may cause our patients. Our patients’ privacy is of the utmost importance and we will remain diligent in our efforts to prevent this type of breach from ever occurring again,” said Michael Green, Concord Hospital president and CEO.

On May 30, Verus Inc., the company with which Concord Hospital subcontracts with to enable patients to view and pay their bills online, notified the hospital that an unintentional lapse occurred in their data security procedures when they turned off a firewall for maintenance purposes.

Since being notified of the security breach, Concord Hospital has taken all necessary actions to assure patient data remains secure and has suspended its Web site’s ‘My Bill’ feature indefinitely. In contacting the patients affected, the hospital shared pertinent information about how they might protect themselves against identity theft. The hospital has also established telephone hotlines at 603-230-7399 and toll free at 1-866-518-7587 with dedicated staff to respond to patients’ questions and concerns. In addition, local authorities have been notified as appropriate.

“Concord Hospital will use this experience as a catalyst to review all procedures and criteria used in selecting external service providers. Additionally, the hospital will initiate an internal review to assure compliance with best practices with regards to protection for all clinical, demographic and financial data generated and retained throughout the enterprise,” Green said.

__________________________________________________________________

Concord Hospital press release

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo