Bon Secours Vendor Breach Exposes Data of 655K Patients

Aug. 15, 2016
Bon Secours Health System, based in Marriottsville, Md., is informing some 655,000 individuals that files containing patient information inadvertently had been left accessible by one of the health system’s vendors, R-C Healthcare Management.

Bon Secours Health System, based in Marriottsville, Md., is informing some 655,000 individuals that files containing patient information inadvertently had been left accessible by one of the health system’s vendors, R-C Healthcare Management.

While attempting to adjust their computer network settings during a multi-day period in April, R-C Healthcare inadvertently made files located within their computer network accessible via the internet. When Bon Secours discovered this issue on June 14, it notified R-C Healthcare of this issue so that the information could no longer be accessed via the internet, officials of the health system said in a notice to patients.

The notice read, “Our investigation determined that the files that were available via the internet may have contained patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, social security numbers, and in some instances, bank account information. Medical records were not made available via the internet and medical care has not and will not be affected.”

According to a report in the Richmond Times-Dispatch, a Bon Secours Richmond Health System spokeswoman said, “We do know that of the 655,000, fewer than 600 individuals had information that included a lab or diagnostic test name and none had diagnosis information.” The report added that R-C Healthcare Management, which helps hospitals generate revenue by optimizing existing data reporting, according to its website, is no longer a vendor of Bon Secours.

The health system, with facilities in in six states along the East Coast, said there is no knowledge that the information contained within the files has been misused in any way. “However, as a precaution, we began mailing letters to affected patients on August 12, 2016, and established a dedicated call center to answer patients’ questions,” Bon Secours said.

The month of August has already seen a few major data breaches reported in the industry. Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced early in the month that it would be notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. And on August 5, Albany, New York-based Newkirk Products, a BlueCross BlueShield business associate that issues healthcare ID cards for health insurance plans, reported a cyber security incident involving unauthorized access to a server containing approximately 3.3 million plan members’ personal information.

Sponsored Recommendations

Clinical Evaluation: An AI Assistant for Primary Care

The AAFP's clinical evaluation offers a detailed analysis of how an innovative AI solution can help relieve physicians' administrative burden and aid them in improving health ...

From Chaos to Clarity: How AI Is Making Sense of Clinical Documentation

From Chaos to Clarity dives deep into how AI Is making sense of disorganized patient data and turning it into evidence-based diagnosis suggestions that physicians can trust, leading...

Bridging the Health Plan/Provider Gap: Data-Driven Collaboration for a Value-Based Future

Download the findings report to understand the current perspective of provider and health plan leaders’ shift to value-based care—with a focus on the gaps holding them back and...

Exploring the future of healthcare with Advanced Practice Providers

Discover how Advanced Practice Providers are transforming healthcare: boosting efficiency, cutting wait times and enhancing patient care through strategic integration and digital...