Valley View Hospital in Glenwood Springs, Colo., on March 17 started notifying about 5,400 patients that their protected health information was found in an encrypted and hidden folder in a hospital information system.

A sophisticated outside virus collected and encrypted the information in the folder. Hospital personnel discovered the virus in January 2014 and contracted with an information technology forensic firm to investigate, according to a notice on Valley View’s website.

The firm determined on January 23 that the virus captured screen shots of web pages and stored the images in the encrypted, hidden folder, which could have been accessed by an outside entity. The hospital has been unable to determine whether any data was accessed or transmitted elsewhere.

The hospital shut down incoming and outgoing Internet traffic and took steps to remove the virus. Two days later, the forensics firm reported the contents of the folder, which included patient names and may also have included Social Security numbers, addresses, dates of birth, credit card information, telephone numbers, admission dates, discharge dates and patient visit numbers.

Affected patients are being offered one year of free credit and identity protection services. A hospital spokesperson was not immediately available for additional comment.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access