• About Us
  • Events
  • Newsletter Sign Up
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
    1. Cybersecurity
    2. Privacy/Security

    Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration

    May 20, 2016
    Children’s National Health System, based in Washington, D.C., has issued a notice about a potential data breach after a third-party vendor inadvertently misconfigured a file site that enabled patient information to be accessed online.

    Children’s National Health System, based in Washington, D.C., has issued a notice about a potential data breach after a third-party vendor inadvertently misconfigured a file site that enabled patient information to be accessed online.

    Accord to a press release about the incident posted on the Children’s National Health System website, the potential data breach could impact patient information for as many as 4,107 patients.

    Ascend Healthcare Systems provided medical transcription services to Children’s National between May 1, 2014 and June 23, 2014. On February 25, 2016, Children’s National became aware that Ascend, an outside dictation vendor required under contract to maintain privacy of patient records, had inadvertently misconfigured a File Transfer Protocol (FTP) site—a standard network that is used to store and transfer computer files.

     “This might have allowed access from the Internet to transcription documents from a number of healthcare entities including Children’s National. We immediately began an investigation and determined that from February 19, 2016 to February 25, 2016 certain transcriptions could be located through a search engine, such as Google.  These transcriptions may have contained patients’ names, dates of birth, medications, and notes by physicians regarding patients’ diagnoses and treatments,” the health system system stated in its online posting.

    The information did not contain billing or financial information of Social Security numbers. Children’s National is reaching out to individuals whose data were potentially accessible, the health system stated.

    Patient data on the site may have included names, dates of birth, medication, and physicians’ notes regarding diagnosis and treatment.

    “As soon as the health system became aware of the issue, the transcription company, Ascend, was contacted and asked to re-secure the site and remove the transcription documents from the Ascend server. Children’s National is not aware of any unauthorized access to or misuse of these documents,” according to the health system.

    Children’s National ceased doing business with Ascend on June 23, 2014, and as part of that separation Ascend was contractually obligated to delete all Children’s patient information.

    Continue Reading

    Sponsored Recommendations

    Six Cloud Strategies to Combat Healthcare's Workforce Crisis

    The healthcare workforce shortage is a complex challenge, but cloud communications offer powerful solutions to address it. These technologies go beyond filling gaps—they are transformin...

    Transforming Healthcare with AI Powered Solutions

    AI-powered solutions are revolutionizing healthcare by enhancing diagnostics, patient monitoring, and operational efficiency - learn how to integrate these innovations into your...

    Enhancing Healthcare Through Strategic IT and AI Innovations

    Learn how strategic IT and AI innovations are transforming healthcare - join Tomas Gregorio as he explores practical applications that enhance clinical decision-making, optimize...

    The Intersection of Healthcare Compliance and Security in the Age of Deepfakes

    As healthcare regulations struggle to keep up with rapid advancements in AI-driven threats like deepfakes, the security gaps have never been more concerning.