More than 4,000 patients of Washington, D.C.-based Children's National Health System (CNHS) received notices of a data breach following a former vendor disclosing patient health information on an FTP site viewable on the web.
How many victims? Up to 4,107 patients.
What type of information? Patient names, birth dates, medications and doctor summaries involving prognosis and treatment. Officials said the docs did not disclose billing or banking data or Social Security numbers.
What happened? CNHS ceased doing business with Ascend Healthcare Systems, a vendor which provided medical transcription services to the organization, on June 23, 2014 and ordered the service to delete any data of CNHS patients. However, CNHS authorities first learned on Feb. 25, 2016 that Ascend inadvertently uploaded files onto an FTP site that was configured to allow access from the web.
What was the response? CNHS began sending letters to potentially affected patients on April 14 and set up a dedicated call center to answer questions.
Quote: "Children's National is not aware of any unauthorized access to or misuse of these documents." – CNHS