3,116 NEA Baptist Clinic patients notified after web site hacked
Listed in the most recent batch of updates to HHS’s breach tool was an entry for NEA Baptist Clinic in Jonesboro, Arkansas.
A statement on the clinic’s web site, which I found through a Google search and not via a link from their home page, says:
NEA Baptist Clinic’s former public website was compromised by an electronic attack on July 12, 2011. Individuals affected by the incident are those people who previously registered with the website as part of using one of the website’s special functions. NEA Baptist Clinic immediately took down the website and then engaged a private, information security firm to assist in analyzing the details of the attack. Based on the analysis performed, the information compromised includes email addresses or usernames along with passwords for the NEA Baptist Clinic website. In some cases, additional information such as names, addresses, and dates of birth, also may have been compromised. No Social Security numbers were involved. No medical records were involved.
Baptist is encouraging all persons who previously registered with the website to change their passwords if they used the same password for any other account. Although we believe that the risk of personal information being used improperly is relatively low, we are aware that the hacker was able to crack some of the more basic passwords used on the website. If you regularly use the same password for all accounts you create, you need to change your passwords at this time. Of particuar concern are the passwords for any financial accounts or other accounts that are linked to a bank account or credit card number, for example, a Paypal, eBay, or Amazon.com account.[…]