Lawrence (Kan.) Memorial Hospital is apologizing for the fallout of a billing software glitch, which potentially exposed hundreds of patients' credit card information online, according to a KCTV 5 report yesterday. Although no Social Security numbers, medical records, and birth dates were exposed, patients' credit card and checking account information, as well as names, phone numbers, email address, and payment amounts, were publicly available from Sept. 20 to Oct. 28, according to the report.
A woman whose husband was a patient discovered that her account information was online. Hospital officials learned of the data breach on Oct. 28 but did not immediately notify patients, according to the article.
The hospital maintains that it did not release the information, according to a press release. The data breach is a result of failed security measures on a BrickWire-hosted website for the online patient bill-pay services under Mid Continent Credit Services, according to the hospital statement.
"This was a system where the person entered their own information," said Janice Early, director of community relations for the hospital, in the KCTV 5 article. "It was not a database that was connected to the hospital. It's not information that was on the hospital server."
The hospital advises the affected patients to monitor their accounts for suspicious activities, and Mid Continent Credit Services is offering one-year credit monitoring for them.
For more information:
- check out the KCTV 5 report
- read the hospital press release (.pdf)
- read the credit services' press release (.pdf)