Sentara Healthcare notifies patients after vendor is hacked

Organization notifies affected individuals, offers credit and ID protection services.


A third-party vendor serving Virginia-based Sentara Healthcare suffered a cyberattack, resulting in the 12-hospital delivery system sending breach notification letters to approximately 5,454 affected patients.

Law enforcement informed Sentara of the breach on Nov. 17, 2016, and a Sentara investigation pinpointed the vendor, which it declined to identify in its announcement, as the target. Healthcare organizations often learn of cyberattacks when police, in the course of investigating an incident, find other facilities that also were affected. Police, Sentara and the vendor continue to investigate the incident, according to the notification letter.

The vendor does not provide direct care to patients, according to a Sentara spokesperson; it provides information reporting and data benchmarking services. With the investigation ongoing, the organization will not provide additional information about the vendor or its current relationship with the vendor.

The compromised patient information “relates to vascular and/or thoracic procedures that took place between 2012 and 2015 at a Sentara hospital in Virginia, and was inappropriately accessed,” the organization has informed patients.

Data at risk includes patient names, dates of birth, Social Security numbers, medical record numbers, procedures, demographic information and medications.

Affected individuals are being offered one year of credit monitoring and identity theft protection through Experian's ProtectMyID Alert service. The vendor, according to Sentara, is enhancing its security posture.
