NCH Healthcare employee data potentially compromised (UPDATED)
ABC7 has confirmed that data on two of NCH Healthcare System‘s computers may have been breached at the Cerner Data Center in Kansas City, Missouri.
The information contained on the computer servers includes a medical staff credentialing database and employee information – no patient data was compromised.
Read more on ABC7.
NCH operates two hospitals: NCH Baker Hospital in downtown Naples and North Naples Hospital.
There is no statement on Cerner’s web site at this time, so it’s not clear to me whether other clients of Cerner may also be impacted. Nor is it clear whether this was a hack, malware/phishing scheme, or a rogue insider at Cerner.
This post will be updated as more information becomes available.
Update: Dan Smith, a spokesperson for Cerner, kindly provided the following statement:
While there was the potential for unauthorized access to two Naples Community Hospital servers that hosted personal identifiable information (PII) for
employees, medical staff, and their beneficiaries and dependents, there is no
indication that any unauthorized access or misuse of information occurred.
These servers did not house protected health information, and we have worked
with NCH and third-party forensic consultants to investigate and take
corrective action. NCH has notified individuals who may be affected.
The servers are isolated and can no longer be accessed externally via the
internet. This issue is isolated to two servers that only hosted NCH PII. The
potentially affected servers have different technical characteristics than
other servers used to host health or medical information for NCH and other
health care providers. Patient and medical record information was not located
in these databases or on these computer servers.