Rady’s Children Hospital in San Diego has been notifying patients whose information was accessed without authorization via an open port on the Internet.
According to their notification, reproduced below, the unauthorized access first occurred on June 20, 2019, and was discovered on January 3, 2020. They do not explain how they first became aware of the breach or how/why the port was open.
The access was quickly terminated and an investigation begun into the radiology-related incident.
The patient information included patient name, gender, and type and date of imaging studies. In some instances, the patient information also included one or more of the following types of information: date of birth, medical record number, description of the imaging study, and the referring physician’s name.
The hospital offered the patients some complimentary identity protection services.RCHSD - Sample Consumer Notification Letter