NC: Lexington Medical Center discloses vendor’s patient records data breach
Richard Craver reports:
Lexington Medical Center said Friday that some patients have been affected by a data breach into the information technology platform of former third-party vendor Healthgrades Operating Co. Inc.
The hospital said affected patients are being mailed notices by Healthgrades about the security incident.
Healthgrades had assisted the hospital with patient and community education about health matters and services.
Read more on Winston-Salem Journal.
The news report does not explain the nature of the breach, but the medical center’s notice on their web site includes this statement:
On January 29, 2021, Healthgrades notified LMC that an unauthorized individual gained access to a Healthgrades archived server between October 16, 2020 and October 28, 2020. Healthgrades discovered that the impacted archived server included LMC patient information in some backup files from the time it provided services to LMC.
According to LMC, the files involved in the incident included information from mid-2010 to mid-2011.
And although the news reports says that Healthgrade is mailing letters to those affected, LMC’s notice says:
We mailed letters regarding the incident to the patients whose information was involved on March 26, 2021. Patients whose information was involved are being offered complimentary identity or credit monitoring services. Information about the services, including instructions about how to enroll, are in the notification letters.
Neither the media report nor the web site notice indicated how many patients are being notified, but I expect we will see this one on HHS’s public breach tool.