The breach was discovered on Oct. 8, 2012, with investigators determining the hacker had access to the provider’s email since March 11, 2012. The hospital, part of Carolinas HealthCare System, is notifying 5,600 patients whose mail may have been breached. It also is notifying another 700 patients of the provider although no evidence has been found that their information was compromised.
Only five emails included Social Security numbers. Other information that may have been in the emails included patient name, date of birth, dates of service, diagnosis, prognosis, medications, results, referrals, provider and facility names, and hospital medical record and account numbers. “At this time, Carolinas HealthCare System has no evidence that the information has been misused, and based on the investigation, no other email accounts or other computer systems (including the electronic medical records system) were found to have been affected by this incident,” according to a statement from the delivery system.
Affected patients are being offered paid credit and identity protection services.