Concord Hospital Notifies Patients of Subcontractor’s Security Lapse

Published: June 11, 2007

CONCORD, N.H. – On June 8, Concord Hospital notified more than 9,000 patients and/or guarantors of a security lapse that occurred at a subcontractor’s facility that resulted in patients’ personal information being exposed on the Internet.

As soon as the lapse was identified, the problem was rectified and the personal information that was at risk was immediately secured. No credit card information was exposed, and to the hospital’s knowledge, no personal health information was at risk or compromised. However patients’ names, addresses, dates of birth and social security numbers were unprotected for a period of time.

“All of us at Concord Hospital are greatly distressed by this situation and truly sorry for any stress or inconvenience this may cause our patients. Our patients’ privacy is of the utmost importance and we will remain diligent in our efforts to prevent this type of breach from ever occurring again,” said Michael Green, Concord Hospital president and CEO.

On May 30, Verus Inc., the company with which Concord Hospital subcontracts with to enable patients to view and pay their bills online, notified the hospital that an unintentional lapse occurred in their data security procedures when they turned off a firewall for maintenance purposes.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

Since being notified of the security breach, Concord Hospital has taken all necessary actions to assure patient data remains secure and has suspended its Web site’s ‘My Bill’ feature indefinitely. In contacting the patients affected, the hospital shared pertinent information about how they might protect themselves against identity theft. The hospital has also established telephone hotlines at 603-230-7399 and toll free at 1-866-518-7587 with dedicated staff to respond to patients’ questions and concerns. In addition, local authorities have been notified as appropriate.

“Concord Hospital will use this experience as a catalyst to review all procedures and criteria used in selecting external service providers. Additionally, the hospital will initiate an internal review to assure compliance with best practices with regards to protection for all clinical, demographic and financial data generated and retained throughout the enterprise,” Green said.

__________________________________________________________________

Concord Hospital press release

Posted in: News

Tagged with:

ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series