A data security incident at a pediatric hospital affected more than 100,000 individuals including patients and employees.
On 20 July, the Boys Town National Research Hospital published a “Notice of Data Security Incident” on its website. According to this statement, the Omaha-based medical organization became aware of abnormal behavior regarding an employee’s email account on 23 May. They launched an investigation and thereby determined that someone unknown to the Hospital had infiltrated that employee’s account. They then set about to figure out what types of information that person might have viewed as a result of their unauthorized access.
Officials at the medical center determined that the unknown individual could have accessed the personal and medical data of 105,309 patients and employees. Those details included victims’ names, dates of birth, Social Security Numbers, treatment information, health insurance items, login credentials and even some financial data.
Rebecca Herold, president of Simbus, told HealthcareInfoSecurity that the extensive amount of information potentially stolen in the incident poses a significant threat to all victims, particularly children who were patients at the hospital:
This could ultimately result in incorrect data being incorporated into children’s health files, which could have long-lasting safety and health impacts on these already vulnerable children. Just imagine if someone who committed medical identity theft incorporated incorrect information into the child’s health records, and a child was subsequently given medicine or treatments that could bring them harm, or even result in their death. Misuse of children’s medical data has not only financial impacts, but also very significant social and true life-and-death safety impacts.
The Boys Town National Research Hospital revealed it’s currently in the process of notifying victims of the incident. It also urged potentially affected individuals to monitor their accounts for fraudulent transactions and to consider placing a security freeze on their credit reports.
This latest data security event should serve as a reminder to healthcare organizations everywhere about the importance of securing and protecting their electronic health records. For some helpful insight into this challenge, watch this webinar.