Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration

May 20, 2016
by Heather Landi
| Reprints

Children’s National Health System, based in Washington, D.C., has issued a notice about a potential data breach after a third-party vendor inadvertently misconfigured a file site that enabled patient information to be accessed online.

Accord to a press release about the incident posted on the Children’s National Health System website, the potential data breach could impact patient information for as many as 4,107 patients.

Ascend Healthcare Systems provided medical transcription services to Children’s National between May 1, 2014 and June 23, 2014. On February 25, 2016, Children’s National became aware that Ascend, an outside dictation vendor required under contract to maintain privacy of patient records, had inadvertently misconfigured a File Transfer Protocol (FTP) site—a standard network that is used to store and transfer computer files.

 “This might have allowed access from the Internet to transcription documents from a number of healthcare entities including Children’s National. We immediately began an investigation and determined that from February 19, 2016 to February 25, 2016 certain transcriptions could be located through a search engine, such as Google.  These transcriptions may have contained patients’ names, dates of birth, medications, and notes by physicians regarding patients’ diagnoses and treatments,” the health system system stated in its online posting.

The information did not contain billing or financial information of Social Security numbers. Children’s National is reaching out to individuals whose data were potentially accessible, the health system stated.

Patient data on the site may have included names, dates of birth, medication, and physicians’ notes regarding diagnosis and treatment.

“As soon as the health system became aware of the issue, the transcription company, Ascend, was contacted and asked to re-secure the site and remove the transcription documents from the Ascend server. Children’s National is not aware of any unauthorized access to or misuse of these documents,” according to the health system.

Children’s National ceased doing business with Ascend on June 23, 2014, and as part of that separation Ascend was contractually obligated to delete all Children’s patient information.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.

Dignity Health, UCSF Health Partner to Improve the Digital Patient Experience

Dignity Health and UCSF Health are collaborating to develop a digital engagement platform that officials believe will provide information and access to patients when and where they need it as they navigate primary and preventive care, as well as more acute or specialty care.

Report: Digital Health VC Funding Surges to Record $4.9 Billion in 2018

Global venture capital funding for digital health companies in the first half of 2018 was 22 percent higher year-over-year (YoY) with a record $4.9 billion raised in 383 deals compared to the $4 billion in 359 deals in the same time period last year, according to Mercom Capital Group’s latest report.

ONC Roundup: Senior Leadership Changes Spark Questions

The Office of the National Coordinator for Health IT (ONC) has continued to experience changes within its upper leadership, leading some folks to again ponder what the health IT agency’s role will be moving forward.

Media Report: Walmart Hires Former Humana Executive to Run Health Unit

Reigniting speculation that Walmart and insurer Humana are exploring ways to forge a closer partnership, Walmart Inc. has hired a Humana veteran to run its health care business, according to a report from Bloomberg.