Carle health system warns of data breach due to vendor error

The Carle health system in Illinois issued this statement regarding a breach due to an unnamed vendor error:

Notice to Our Patients Regarding Server Files

Carle is committed to protecting the security and confidentiality of our patients’ information. This notice is to inform our patients about an incident involving some patients’ information.

On June 14, 2016, we learned that a vendor had placed files containing patient information on a Carle file server on February 17, 2016, potentially allowing them to become viewable to those who had access to that server via the internet. We immediately began an investigation and determined that the files included patients’ names, medical record numbers, dates of service, reasons for visit, names of physicians, Carle account numbers, and diagnosis and treatment codes. No social security numbers and financial information were included in the files.

This incident only affected a small number of patients whose files were included on the server and is limited to only those patients who were discharged from Carle Hospital in the timeframe of November 1, 2015 through January 31, 2016.

We have no reason to believe that the information has been used in any way. However, in an abundance of caution, we began mailing letters on August 3, 2016, and established a dedicated call center to answer questions. If you believe you are affected but do not receive a letter by August 17, 2016, please call 1-888-246-7031 between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we are working with all of our vendors to re-enforce education regarding secure transfer of patient information.

According to The News-Gazette, 1,185 patients were affected.

About the author: Dissent

Comments are closed.