Security breach affected thousands of Sentara Healthcare patients
Sentara Healthcare says more than 5,000 patient records have been compromised after a third-party vendor experienced a cybersecurity breach.
WHSV's affiliates report the breach affected 5,454 vascular and thoracic patients at Sentara hospitals in Virginia seen between 2012 and 2015. According to a news release from Sentara, the accessed information may have included patients' names, medical record numbers, dates of birth, social security numbers, procedure information, demographic information and medications.
The news release says Sentara, along with law enforcement, was notified of the breach on Nov. 17. The company has provided written notice to those affected and established a toll-free number for patients with questions.
Sentara says it is working with law enforcement, the vendor and a cybersecurity firm to investigate.
This incident did not affect all Sentara patients, but only certain patients who received vascular and/or thoracic treatment between 2012 and 2015.
The vendor said to help prevent something similar from happening in the future it is enhancing its system security.
Cyber security expert Charles Tendell, with Hackerslist.com, spoke to WHSV's CBS affiliate, WTKR, Monday night.
"When you're hearing about them this late in the game, it typically means that the bad guy ... got in several years ago and they've been kind of siphoning off pieces of information and it wasn't until recently that the breach got known and that's when the hole got plugged up," said Tendell. "The only thing you're going to be able to do is learn from their mistakes. ... They didn't have encryption on certain things and all of those are going to come out through this attack which is in some ways is a good thing because now they can fix it," said Tendell.
Sentara Healthcare said in its news release that the group continually strengthens its policies and procedures and invests in technologies which protect its own information technology systems.
WHSV contacted Sentara RMH about the breach. The Rockingham County hospital stated the following:
"A total of 5,454 vascular and/or thoracic patients were impacted, with the majority of patients being in the Hampton Roads area. Sentara is working with law enforcement, the vendor and a leading cybersecurity firm to investigate the incident. To help prevent something like this from happening in the future, the vendor has informed Sentara that it is enhancing its system security. In addition, Sentara continually strengthens policies and procedures and invests in technologies which protect our information technology systems. Because this is security related, we will not be sharing publicly what those enhancements or technologies are.
Sentara Healthcare sent letters to those impacted, including information on tools and resources. Those letters should arrive this week. Patients who have not received a letter and want to confirm whether they are affected can call 844-319-0134, Monday through Friday, from 9:00 a.m. to 9:00 p.m. EST."