Einstein Health Network notifies 3,000 patients after web exposure of information

Justin Heinze reports:

Einstein Healthcare Network may have suffered a data breach, they announced Thursday, and they are sending letters home to patients that may have been effected.

The incident involved a website database containing patient information entered into Einstein’s website “Request for Information” form, Einstein said.

 

Read more on Norristown Patch.

EHN posted a notice, linked from their home page, on April 1:

Einstein Healthcare Network is committed to maintaining the privacy and security of our patients’ personal information. Regrettably, this notice is regarding an incident involving some of that information.  This incident did not involve Einstein’s electronic patient medical record systems or any hacking or virus infection.

On February 2, 2016, we learned that a website database containing information entered into our website “Request for Information” form, which contained patient information, had inadvertently been left accessible via the internet.  Upon learning this, we immediately secured the website database and removed it from public view.  We also immediately began an internal investigation and determined that the website database may have contained patients’ names, telephone numbers, reasons for submitting the requests, physicians’ names and health information, if any,  entered into the website form.  The website database did not contain Social Security numbers, financial information, or electronic patient medical records.

This incident did not affect all Einstein patients, but only certain patients who entered information into our website “Request for Information” form prior to February 2016. We have no knowledge that any patient information has been used improperly. However, in an abundance of caution, we mailed letters to affected patients on March 31, 2016 and have established a dedicated call center to answer patients’ questions. If you believe you are affected but do not receive a letter by April 22, 2016, please call 1-844-789-7062,Monday through Friday between 9:00 a.m. and 9:00 p.m. Eastern time.

To help prevent something like this from happening in the future, we have secured the website database and are enhancing our security measures for the website. We deeply regret any concern this may cause our patients.

About the author: Dissent