230,000 Notified of Hacking Incident

Hackers Looking for Bandwidth to Play a Game
230,000 Notified of Hacking Incident
A New Hampshire radiology practice is notifying more than 230,000 patients that they may have been affected by a healthcare information breach incident involving hackers using a server to gain bandwidth to play a video game.

Seacoast Radiology in Rochester, N.H., discovered on Nov. 12 that a server containing personal patient data and billing information had been hacked. An independent investigation confirmed that patient names, addresses, Social Security numbers, dates of birth, medical procedure codes, diagnosis codes and billing information were stored on the server. But the investigation concluded that unauthorized use of the information is unlikely as a result of the healthcare information breach, according to a statement from the practice.

The hacking incident investigation discovered the breach was likely caused by gamers based in Scandinavia, who were looking for extra bandwidth to play the poplar video game: "Call of Duty: Black Ops," a spokesman for the practice said. The gamers didn't have any interest in the patient data, she added.

The server involved did not store radiology images or reports, and it also did not contain banking information, the practice said. The practice reported it has taken steps to improve privacy protection, including hiring several computer security experts and "implementing security procedural changes to keep patient data secure from unauthorized access."

The practice also hired ID Experts to provide a toll-free number and website to answer questions about the incident. It notified the Health and Human Services' Office for Civil Rights, as required under the HITECH Act breach notification rule. The incident, however, was not on the OCR's list of major health information breaches as of the morning of Jan. 13.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network