Kingman Regional website configuration exposed patient info
A misconfiguration on the website of Kingman (Ariz.) Regional Medical Center posed a security vulnerability to the data of an estimated 1,100 patients.
However, executives contend that a potentially larger issue was avoided because of a routine review of the site.
On April 9, Kingman Regional learned that it may have had a possible security problem with its public website. The issue was found during a regular internal check of the public website, a step that some other providers may not take, says Teri Williams, director of communications and marketing.
“Web platforms need to be looked at; other hospitals should examine the security of their public websites,” she advises. The checking of the website likely prevented a larger breach, she adds.
An outside forensics investigation found the configuration of the website made it possible for one or more unauthorized persons to view information entered into the website by patients.
The provider’s website resides on an isolated computer server that is not connected to other information systems, Williams says. The website enables patients to request appointments; the data of 1,100 patients was potentially exposed.
Possibly compromised data included patient names, dates of birth and information related to medical conditions for which patients were requesting services. Patient medical records, Social Security numbers and financial information were not compromised, Williams says.
Now, the website has been removed from public view, and Kingman Regional is taking steps to rebuild the site with additional safeguards.
The organization is advising affected individuals to review statements they receive from their healthcare providers and contact a provider if the statement shows services that were not received.