Records of 2,000 Westerly Hospital patients posted online

March 1, 2007

Two-thousand patients at Westerly Hospital had their names, Social Security numbers and medical records posted on a publicly accessible Web site, and the hospital said it doesn't know who did it.

"We don't know why it happened. We don't know how it happened. But we will," hospital President and CEO Charles Kinney told The Westerly Sun.

The Web site included detailed information about patients' surgical procedures and medical histories, as well as people's home addresses and insurance information.

The hospital said not all its patients are affected, and the breach likely only extended to patients seen during certain days in January. The Sun reported patients it contacted had been at the hospital on three separate days.

Westerly Police learned of the problem on Wednesday afternoon when a woman looked up her phone number on the Internet search engine Google and found a link to the site. Police called the hospital, then the FBI and State Police.

The hospital worked with several Internet companies, including Yahoo Inc., to take the site down, and it was taken offline five hours later, according to the Sun. It's not clear how long the site was up or how many people saw the information.

Kinney said there was a breach in the hospital's computer database system that allowed hackers to access the information. The hospital plans to send a letter to every affected patient as soon as possible, Kinney said.

Messages left with the FBI, State Police and Westerly police were not immediately returned Thursday.

main page ATTRITION feedback