Hospital data breach of 8K patients may lead to federal probe, fine

A computer glitch that exposed the financial information of more than 8,000 patients online may put Lawrence (Kan.) Memorial Hospital under federal investigation, reports WellCommons.

Hospital officials learned of the data breach on Oct. 28 and this week mailed thousands of letters notifying patients who had used the hospital's online bill pay service, hosted by Brick Wire on behalf of Mid Continent Credit Services.

The federal probe could leave Lawrence Memorial with a $25,000 fine from the Office of Civil Rights. However, the vendors would most likely pay up since patient privacy was part of the contract arrangement, the hospital's compliance management director Susan Thomas told WellCommons.

So far, two patients said their accounts have suspicious charges, although hospital officials can't say for sure whether those charges are due to the data breach.

Meanwhile, the hospital's general counsel and Mid Continent Credit Services both acknowledged that the hospital would not be held liable for the data breach, as the security violation was "completely outside the control of the hospital," according to the article.

For more information:
- read the WellCommons article