HealthSource of Ohio, a community health center in Southwest Ohio, has announced that the protected health information of 8,800 patients was accessible on the internet for more than a month.
HSO utilizes a web-based software program to provide information to patients calling with billing questions. Each staff member must authenticate his/her identity and enter a unique password to access the file information. On December 24, 2013, HSO discovered that file information from 2004 through 2013 had been unprotected and available to unauthorized individuals searching the internet from November 18, 2013 through December 24, 2013. HSO says it disabled the site access and immediately secured the information so that it can only be accessed by qualified HSO staff.
HSO completed an investigation which indicated that the file contained demographic and personal identifying information such as names, account numbers, addresses and phone numbers for the compromised individuals. Additional information such as dates of birth, social security numbers, credit card numbers, and some limited healthcare information appeared in some individual call entries. The investigation showed that the file was viewed 47 times.