Bon Secours Vendor Breach Exposes Data of 655K Patients | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Bon Secours Vendor Breach Exposes Data of 655K Patients

August 15, 2016
by Rajiv Leventhal
| Reprints

Bon Secours Health System, based in Marriottsville, Md., is informing some 655,000 individuals that files containing patient information inadvertently had been left accessible by one of the health system’s vendors, R-C Healthcare Management.

While attempting to adjust their computer network settings during a multi-day period in April, R-C Healthcare inadvertently made files located within their computer network accessible via the internet. When Bon Secours discovered this issue on June 14, it notified R-C Healthcare of this issue so that the information could no longer be accessed via the internet, officials of the health system said in a notice to patients.

The notice read, “Our investigation determined that the files that were available via the internet may have contained patients’ names, health insurers’ names, health insurance identification numbers, limited clinical information, social security numbers, and in some instances, bank account information. Medical records were not made available via the internet and medical care has not and will not be affected.”

According to a report in the Richmond Times-Dispatch, a Bon Secours Richmond Health System spokeswoman said, “We do know that of the 655,000, fewer than 600 individuals had information that included a lab or diagnostic test name and none had diagnosis information.” The report added that R-C Healthcare Management, which helps hospitals generate revenue by optimizing existing data reporting, according to its website, is no longer a vendor of Bon Secours.

The health system, with facilities in in six states along the East Coast, said there is no knowledge that the information contained within the files has been misused in any way. “However, as a precaution, we began mailing letters to affected patients on August 12, 2016, and established a dedicated call center to answer patients’ questions,” Bon Secours said.

The month of August has already seen a few major data breaches reported in the industry. Phoenix-based Banner Health, one of the largest healthcare systems in the U.S., announced early in the month that it would be notifying approximately 3.7 million individuals about a breach in which cyber attackers gained unauthorized access to computer systems that process payment card data at food and beverage outlets at certain Banner locations. And on August 5, Albany, New York-based Newkirk Products, a BlueCross BlueShield business associate that issues healthcare ID cards for health insurance plans, reported a cyber security incident involving unauthorized access to a server containing approximately 3.3 million plan members’ personal information.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



83% of Physicians Have Experienced a Cyber Attack, Survey Finds

Eighty-three percent of physicians in a recent survey said that they have experienced some sort of cyber attack, such as phishing and viruses.

Community Data Sharing: Eight Recommendations From San Diego

A learning guide focuses on San Diego’s experience in building a community health information exchange and the realities of embarking on a broad community collaboration to achieve better data sharing.

HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.