Highlands-Cashiers Hospital discovers patient data was unprotected for more than 2 years
Highlands-Cashiers Hospital in North Carolina is notifying more than 25,000 patients after discovering that an error by their IT vendor, TruBridge, had exposed patient information on the Internet between May 2012 and September 29, 2014. TruBridge is a wholly owned subsidiary of Computer Programs and Services, Inc.
Forensic investigation revealed that although patients’ names, addresses, dates of birth, diagnoses and treatment information, health insurance information, and in some cases, Social Security numbers, were accessible, there was no evidence that they had been accessed or misused.
You can read the hospital’s full November 24th notification on their web site, here.
Update of 01-14-2015: The hospital’s notification to the Maryland Attorney General’s Office can be found here (pdf).