Data breaches at health and medical facilities are increasing day by day. Another data breach has occurred at a medical facility and this time personal details of hundreds of thousands of people at Boys Town National Research Hospital have been exposed. This is considered to be the largest data breach ever reported by a pediatric specialty hospital.
As per the U.S. Department of Health and Human Services Office for Civil Rights, the breach had impacted 105,309 individuals which include patients and employees, at the Omaha-based medical organization.
The Boys Town National Research Hospital admitted that they came to know about the abnormal details of one of its employees’ email account on May 23, 2018. A forensic investigation was conducted and the hospital found that an unknown hacker managed to gain access to the employee’s email account and steal personal information stored within the email account as a result of unauthorized access.
The hacker managed to get the personal and medical data of more than 100,000 patients and employees some of which includes Name, Date of birth, Social Security number, Diagnosis or treatment information, Medicare or Medicaid identification number, Medical record number, Billing/claims information, Health insurance information, Disability code, Birth or marriage certificate information etc.
Since the hackers managed to get such vast information of a large number of people they might have already started selling personal information of victims on the dark web or planning to carry out further harm to them especially child patients at the hospital.
However, The Boys Town National Research Hospital says they have not received any reports of the misuse of the stolen information so far.
The hospital says that “Boys Town takes this incident and the security of personal information seriously. Upon learning of this incident, Boys Town moved quickly to confirm whether personal information may have been affected by this incident, to identify the individuals related to this personal information, to put in place resources to assist them, and to provide them with notice of this incident.”
The hospital has also reported the incident to law enforcement and is notifying state and federal regulators, along with potentially affected individuals. Boys Town has offered the affected individuals free access to 12 months of identity protection services.
They are also reviewing their existing policies and procedures and is implementing some additional security measures to safeguard its users’ information stored in its systems.
The affected victims are advised to monitor their accounts for any fraudulent transaction and should consider placing a credit freeze request.