Financial information of about 10,000 people may have been posted online during a security breach involving Lawrence Memorial Hospital’s online patient bill pay service.
LMH reported Friday that information maintained by its vendor Mid Continent Credit Services was inadvertently publicly available on the Internet between Sept. 20 and Oct. 28. The following information may have been available:
• Patient name, phone number, email address, health care provider, payment amount and date of payment.
• Credit card information, including the type of card, name and address of the card holder, the account number, the verification number and the expiration date.
• Checking account information, including the check number, the account holder name and address, the checking account number and bank routing number, and the bank name and address.
Janice Early, LMH director of community relations, said the information did not include medical records and was not released by the hospital.
The security breach affects people who used the online bill pay service on the hospital’s website — lmh.org — which asks for either credit card information or bank account information. It does not affect people who paid bills through their bank, by mail or by phone. People use the online bill pay service not only for hospital bills, but to pay physicians groups and health fairs, Early said. The online bill pay service is currently unavailable.
“We are in the process of arranging for a new online payment system with a new vendor. We hope that it can be available within a week,” Early said.
The event occurred as a result of failed security measures on a website hosted by BrickWire LLC, which hosted the online patient bill pay service on behalf of Mid Continent Credit Services. LMH has had a contract with Mid Continent Credit Services since 2005, when it started online services.
Early said the hospital learned about the security breach from a patient on Oct. 28 and immediately contacted Mid Continent Credit Services.
LMH is notifying patients through letters, which should be received during the next couple of weeks. It is advising people who have made online payments to monitor their account statements and credit reports for suspicious activity. Mid Continent has agreed to offer a free one-year credit monitoring subscription to individuals.
Anyone who has questions about the security breach should call LMH at 505-4945 or send an email to email@example.com.
“We take privacy and security of patient information very seriously and we sincerely apologize for the inconvenience caused by this event,” Early said.