Skip to content Skip to navigation

Bon Secours Vendor Breach Exposes Data of 655K Patients

August 15, 2016
by Rajiv Leventhal
| Reprints

Bon Secours Health System, based in Marriottsville, Md., is informing some 655,000 individuals that files containing patient information inadvertently had been left accessible by one of the health system’s vendors, R-C Healthcare Management.

While attempting to adjust their computer network settings during a multi-day period in April, R-C Healthcare inadvertently made files located within their computer network accessible via the internet. When Bon Secours discovered this issue on June 14, it notified R-C Healthcare of this issue so that the information could no longer be accessed via the internet, officials of the health system said in a notice to patients.

The notice read, “Our investigation determined that the files that were available via the internet may have contained patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, social security numbers, and in some instances, bank account information. Medical records were not made available via the internet and medical care has not and will not be affected.”

According to a report in the Richmond Times-Dispatch, a Bon Secours Richmond Health System spokeswoman said, “We do know that of the 655,000, fewer than 600 individuals had information that included a lab or diagnostic test name and none had diagnosis information.” The report added that R-C Healthcare Management, which helps hospitals generate revenue by optimizing existing data reporting, according to its website, is no longer a vendor of Bon Secours.

The health system, with facilities in in six states along the East Coast, said there is no knowledge that the information contained within the files has been misused in any way. “However, as a precaution, we began mailing letters to affected patients on August 12, 2016, and established a dedicated call center to answer patients’ questions,” Bon Secours said.

The month of August has already seen a few major data breaches reported in the industry. Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced early in the month that it would be notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. And on August 5, Albany, New York-based Newkirk Products, a BlueCross BlueShield business associate that issues healthcare ID cards for health insurance plans, reported a cyber security incident involving unauthorized access to a server containing approximately 3.3 million plan members’ personal information.



Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.

FDA, Hospitals Work to Improve Data Collection about Medical Devices

The U.S. Food and Drug Administration is looking to improve the way it works with hospitals to modernize and streamline data collection, specifically safety data, about medical devices.

McKesson Unveils New Paragon Electronic Health Record Platform

McKesson Enterprise Information Solutions (EIS) announced the latest release of Paragon, its electronic health record (EHR) solution.

Catholic Health Initiatives and Dignity Health are in Merger Talks

Englewood, Colorado-based health system Catholic Health Initiatives is in merger talks with San Francisco-based Dignity Health to potentially create one of the largest nonprofit health systems by revenue in the country.

OSU Wexner Medical Center Receives AHIMA Grace Award

The Ohio State University Wexner Medical Center (OSUWMC) received the American Health Information Management Association (AHIMA) annual Grace Award in recognition of its leadership in health information management.