A data security incident involving a third-party vendor has affected some patients of Deaconess Health System in Evansville, Ind.
The incident was identified Feb. 2, when Deaconess’ release of information vendor MediCopy notified the health system that an unauthorized actor had accessed its cloud-based file-sharing platform and downloaded files Jan. 13. An investigation conducted with the vendor found the breach involved patient information tied to release of information requests.
The incident did not affect Deaconess’ internal IT systems or its electronic medical record system, according to a notice posted on the health system’s website. Instead, it was limited to certain patients at Deaconess Henderson Hospital in Henderson, Ky., Deaconess Union County Hospital in Morganfield, Ky., and affiliated clinics whose records were included in release requests.
The information exposed varied by individual but may have included names, Social Security numbers, dates of birth, medical record numbers, service dates, health insurance details and treatment-related medical records, the health system said in a news release.
Deaconess said it and MediCopy conducted a review to identify affected individuals and have since taken steps in response. MediCopy has implemented additional security measures to strengthen its file-sharing platform, and the incident has been reported to appropriate authorities.
Affected patients are being notified by mail and offered complimentary credit monitoring and identity protection services. Deaconess is also advising patients to monitor account statements and credit reports for unauthorized activity.
The health system said it “sincerely regrets any concern this may cause” and emphasized its commitment to protecting patient information.
The post Deaconess Health reports data breach tied to vendor appeared first on Becker's Hospital Review | Healthcare News & Analysis.
Source: Read Original Article
