Security breach exposes Concord Hospital patient data

June 9, 2007

By Lisa Arsenault

A security lapse exposed the personal information of more than 9,000 Concord Hospital patients, leaving their names, addresses, dates of birth and social security numbers unprotected on the internet "for a period of time," the Concord Monitor has learned. The hospital notified patients of the problem today, more than a week after the hospital found out about the security lapse from a subcontractor that handles its online billing, according to a hospital statement released to the Monitor.

No credit card information was exposed and, to the hospital's knowledge, no personal health information was at risk or compromised, according to a statement released to the the Monitor yesterday afternoon.

"Our patients' privacy is of the utmost importance and we will remain diligent in our efforts to prevent this type of breach for ever occurring again," said Hospital President and CEO Michael Green.

A Washington-based company called Verus Inc. notified Concord Hospital May 30 that an unintentional lapse had occurred in the data security procedures when the company turned off a firewall for maintenance purposes. As soon as the lapse was identified, the problem was corrected and the personal information at risk was immediately secured, according to the statement.

The web component that allows patients to view and pay their bills online has currently been shut off. The hospital has also established telephone hotlines for patients with questions. Those numbers are 603-230-7399 or toll free at 1-866-518-7587.

main page ATTRITION feedback