Data Breach at Vendor Exposes DeKalb Health Patient Information

Jeff Goldman

Indiana’s DeKalb Health recently announced that some patient information may have been exposed when a server operated by the third-party vendor that runs its Web site “was the target of an overseas hacking attack” (h/t Becker’s Hospital CIO).

The hospital first learned on February 12, 2014 that the personal information of 17 users of its online bill pay Web site may have been accessed, including those users’ names, home addresses, credit card numbers and Social Security numbers. Those 17 people were notified of the breach on March 26, 2014.

Around the same time, DeKalb also discovered that the hackers had set up a fraudulent Web site designed to mimic the donation page for the DeKalb Health Foundation. The hackers targeted DeKalb patients with phishing e-mails linking to the site, and inserted a link to the fraudulent site on DeKalb Health’s own Web site.

About six weeks later, around March 27, 2014, DeKalb learned that a second database on the compromised server may also have been accessed, potentially exposing 24 additional patients’ information, including name, mailing address, e-mail address, phone number, birthdate, Social Security number, hospital ID number, insurance information, general type of service, gender, marital status, religion, race, employer, emergency contact and guarantor. Those 24 people were notified of the breach on April 1, 2014.

Around the same time, the hospital learned that a third database on the compromised server may also have exposed information on approximately 1,320 babies born at the hospital, including their names, weights, lengths, birthdates, parents’ names, and passwords for the hospital’s “Web Babies” site. All affected families were notified on April 24, 2014.

“Since learning of this incident, DeKalb has taken swift and immediate action,” the hospital said in a statement. “The Hospital worked with the third party that operates the compromised server to ensure that the server is no longer utilized for DeKalb purposes. The Hospital also commenced the process of assessing its current relationship with that third party for these services in light of this incident.”

All those affected have been offered one year of free identity monitoring services. Patients with questions are advised to contact (877) 423-0654.

Previous article
Boston Medical Center Admits Massive Data Breach
Next article
Swiss Bank Hacker Arrested in Thailand
Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Advertisers

Advertise with TechnologyAdvice on eSecurity Planet and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.