Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Potential Data Breach at Children’s National Health System Due to Vendor Misconfiguration

May 20, 2016
by Heather Landi
| Reprints

Children’s National Health System, based in Washington, D.C., has issued a notice about a potential data breach after a third-party vendor inadvertently misconfigured a file site that enabled patient information to be accessed online.

Accord to a press release about the incident posted on the Children’s National Health System website, the potential data breach could impact patient information for as many as 4,107 patients.

Ascend Healthcare Systems provided medical transcription services to Children’s National between May 1, 2014 and June 23, 2014. On February 25, 2016, Children’s National became aware that Ascend, an outside dictation vendor required under contract to maintain privacy of patient records, had inadvertently misconfigured a File Transfer Protocol (FTP) site—a standard network that is used to store and transfer computer files.

 “This might have allowed access from the Internet to transcription documents from a number of healthcare entities including Children’s National. We immediately began an investigation and determined that from February 19, 2016 to February 25, 2016 certain transcriptions could be located through a search engine, such as Google.  These transcriptions may have contained patients’ names, dates of birth, medications, and notes by physicians regarding patients’ diagnoses and treatments,” the health system system stated in its online posting.

The information did not contain billing or financial information of Social Security numbers. Children’s National is reaching out to individuals whose data were potentially accessible, the health system stated.

Patient data on the site may have included names, dates of birth, medication, and physicians’ notes regarding diagnosis and treatment.

“As soon as the health system became aware of the issue, the transcription company, Ascend, was contacted and asked to re-secure the site and remove the transcription documents from the Ascend server. Children’s National is not aware of any unauthorized access to or misuse of these documents,” according to the health system.

Children’s National ceased doing business with Ascend on June 23, 2014, and as part of that separation Ascend was contractually obligated to delete all Children’s patient information.

Topics

News

AHIMA Issues Cybersecurity Plan for Healthcare Organizations

Cyber attacks against the healthcare industry are growing at an accelerated pace, and to help healthcare organizations strengthen their cybersecurity programs and defend against a cyber attack, the American Health Information Management Association (AHIMA) recently released a 17-step cybersecurity plan.

Loma Linda University Medical Center Gets HIMSS Stage 7 Designation

Loma Linda University (LLU) Medical Center and other patient care facilities linked to the health system have achieved Stage 7 designation on HIMSS Analytics’ inpatient Electronic Medical Record Adoption Model (EMRAM).

HHS OIG Report Cites Concerns with MACRA Implementation

The U.S. Department of Health and Human Services (HHS) Office of the Inspector General issued a report of its review of the Centers for Medicare & Medicaid Services’ (CMS) management of the Quality Payment Program and cited specific concerns regarding the need for more specialized technical assistance for clinicians and program integrity efforts.

Cerner Files Protest over $62M EHR Contract Awarded to Epic

Cerner Corp. has filed a protest against rival EHR vendor Epic Systems following an “unfair bidding process and a possible conflict of interest” for a recent IT implementation contract awarded by the University of Illinois (UI) medical center.

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.