Bon Secours Vendor Breach Exposes Data of 655K Patients

Aug. 15, 2016
Bon Secours Health System, based in Marriottsville, Md., is informing some 655,000 individuals that files containing patient information inadvertently had been left accessible by one of the health system’s vendors, R-C Healthcare Management.

Bon Secours Health System, based in Marriottsville, Md., is informing some 655,000 individuals that files containing patient information inadvertently had been left accessible by one of the health system’s vendors, R-C Healthcare Management.

While attempting to adjust their computer network settings during a multi-day period in April, R-C Healthcare inadvertently made files located within their computer network accessible via the internet. When Bon Secours discovered this issue on June 14, it notified R-C Healthcare of this issue so that the information could no longer be accessed via the internet, officials of the health system said in a notice to patients.

The notice read, “Our investigation determined that the files that were available via the internet may have contained patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, social security numbers, and in some instances, bank account information. Medical records were not made available via the internet and medical care has not and will not be affected.”

According to a report in the Richmond Times-Dispatch, a Bon Secours Richmond Health System spokeswoman said, “We do know that of the 655,000, fewer than 600 individuals had information that included a lab or diagnostic test name and none had diagnosis information.” The report added that R-C Healthcare Management, which helps hospitals generate revenue by optimizing existing data reporting, according to its website, is no longer a vendor of Bon Secours.

The health system, with facilities in in six states along the East Coast, said there is no knowledge that the information contained within the files has been misused in any way. “However, as a precaution, we began mailing letters to affected patients on August 12, 2016, and established a dedicated call center to answer patients’ questions,” Bon Secours said.

The month of August has already seen a few major data breaches reported in the industry. Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced early in the month that it would be notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. And on August 5, Albany, New York-based Newkirk Products, a BlueCross BlueShield business associate that issues healthcare ID cards for health insurance plans, reported a cyber security incident involving unauthorized access to a server containing approximately 3.3 million plan members’ personal information.

Sponsored Recommendations

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...

Powering a Digital Front Door with a Comprehensive Provider Directory

Learn how Geisinger improved provider data accuracy, SEO, and patient acquisition with a comprehensive provider directory.

Data-driven, physician-focused approach to CDI improvement

Organizational profile Sisters of Charity of Leavenworth (SCL) Health* has been providing care since it originated in the 1600s in France as the Daughters of Charity. These religious...

Luminis Health improved quality and financial outcomes with advanced CDI technology and consulting from 3M

In the beginning, there were challengesBefore partnering with 3M Health Information Systems (HIS), Luminis Health’s clinical documentation integrity (CDI) program faced ...