Wednesday, August 12, 2015

Patient portals at Leitchfield hospital are breached in cyber attack; officials say it did not involve any data in state system

By Melissa Patrick
Kentucky Health News

Twin Lakes Regional Medical Center's patient portals were the target of a sophisticated cyber attack earlier this year, which may have breached protected patient health information, reports The Record, a Leitchfield newspaper.

The cyber attack was made on one of the Kentucky Health Information Exchange's patient portal vendors, NoMoreClipboard. KHIE patient portals are secure, online websites that give patients access to their personal health information.

"The NoMoreClipboard breach only affected one hospital, Twin Lakes," Beth Fisher, spokeswoman for the Cabinet for Health and Family Services, said in an e-mail. "The breach affected the patient portal maintained by NoMoreClipboard, not KHIE. No information from KHIE was breached or accessed."

KHIE provides a common electronic information infrastructure that supports the exchange of electronic health information among healthcare providers and organizations throughout Kentucky. It contracts with many different vendors to provide this service.

The security notice from NoMoreClipbard said the data that might have been compromised are: an individuals’ name, home address, Social Security number, username, password, spousal information (name and potentially date of birth), security question and answer, email address, date of birth, health information, and health insurance policy information. The newspaper says that no financial or credit card information was compromised because this information is not collected or stored.

The hospital made the announcement on July 27 and asked patients to not call the hospital "since the breach did not involve any information stored by the hospital or by any local doctor's office," the newspaper writes.

As of July 30, the hospital could not determine the number of people affected by the breach, but said "It should be kept to a minimum since the system was only recently put into place," the newspaper reports.

NoMoreClipboard began contacting affected individuals on June 2, according to the online security notice. It has also established a confidential, toll-free hotline to answer any questions. The hotline is available Monday through Friday, 8 a.m. to 8 p.m. CDT and can be reached at 866-328-1987.

NoMoreClipboard is offering credit monitoring and identity protection services to affected individuals, free of charge, for the next 24 months. Click here to see the security notice sent to its clients.

No comments:

Post a Comment