WA: Highline Medical Center notifies 18,000 patients whose information was exposed on the Internet by third-party error
The R-C Healthcare Management error that resulted in Bon Secours notifying over 655,000 patients that their protected health information had been exposed on the Internet beginning in April also impacted CHI Franciscan Health Highline Medical Center in Washington. But unlike Bon Secours, which had a current relationship with the vendor, Highline was no longer a client at the time of the breach.
The vendor’s error, first discovered by Bon Secours on June 14, was reported to Highline by R-C Healthcare on July 22.
In a notification letter to those affected, Judi Hofman, CHI Franciscan Regional Privacy Officer, Northwest, explained that R-C Healthcare performed services for Highline Medical Center prior to CHI’s acquisition of Highline Medical Center in 2014. The data involved was used in cost reporting functions from years 1993-1994 and 2008 – 2013.
Upon notification, we immediately began an investigation and determined that the files may have contained your name, dates of service, health insurance information, and social security number. R-C Healthcare assured us that it has secured the files as of June 13, 2016. Your medical record information was not included and your care will not be affected. Upon validation of the completion of services, we will instruct R-C Healthcare to destroy the files.
Highline states that it has no knowledge that the information has been accessed, viewed, acquired or otherwise compromised by any unauthorized third party, but is offering those notified a free one-year credit monitoring membership from Experian’s® ProtectMyID® Alert.
Highline also established a call center for those with questions and notified HHS on August 30. They reported that 18,399 patients were notified.