Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration

May 20, 2016
by Heather Landi
| Reprints

Children’s National Health System, based in Washington, D.C., has issued a notice about a potential data breach after a third-party vendor inadvertently misconfigured a file site that enabled patient information to be accessed online.

Accord to a press release about the incident posted on the Children’s National Health System website, the potential data breach could impact patient information for as many as 4,107 patients.

Ascend Healthcare Systems provided medical transcription services to Children’s National between May 1, 2014 and June 23, 2014. On February 25, 2016, Children’s National became aware that Ascend, an outside dictation vendor required under contract to maintain privacy of patient records, had inadvertently misconfigured a File Transfer Protocol (FTP) site—a standard network that is used to store and transfer computer files.

 “This might have allowed access from the Internet to transcription documents from a number of healthcare entities including Children’s National. We immediately began an investigation and determined that from February 19, 2016 to February 25, 2016 certain transcriptions could be located through a search engine, such as Google.  These transcriptions may have contained patients’ names, dates of birth, medications, and notes by physicians regarding patients’ diagnoses and treatments,” the health system system stated in its online posting.

The information did not contain billing or financial information of Social Security numbers. Children’s National is reaching out to individuals whose data were potentially accessible, the health system stated.

Patient data on the site may have included names, dates of birth, medication, and physicians’ notes regarding diagnosis and treatment.

“As soon as the health system became aware of the issue, the transcription company, Ascend, was contacted and asked to re-secure the site and remove the transcription documents from the Ascend server. Children’s National is not aware of any unauthorized access to or misuse of these documents,” according to the health system.

Children’s National ceased doing business with Ascend on June 23, 2014, and as part of that separation Ascend was contractually obligated to delete all Children’s patient information.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.