230,000 Notified of Hacking Incident
Hackers Looking for Bandwidth to Play a GameSeacoast Radiology in Rochester, N.H., discovered on Nov. 12 that a server containing personal patient data and billing information had been hacked. An independent investigation confirmed that patient names, addresses, Social Security numbers, dates of birth, medical procedure codes, diagnosis codes and billing information were stored on the server. But the investigation concluded that unauthorized use of the information is unlikely as a result of the healthcare information breach, according to a statement from the practice.
The hacking incident investigation discovered the breach was likely caused by gamers based in Scandinavia, who were looking for extra bandwidth to play the poplar video game: "Call of Duty: Black Ops," a spokesman for the practice said. The gamers didn't have any interest in the patient data, she added.
The server involved did not store radiology images or reports, and it also did not contain banking information, the practice said. The practice reported it has taken steps to improve privacy protection, including hiring several computer security experts and "implementing security procedural changes to keep patient data secure from unauthorized access."
The practice also hired ID Experts to provide a toll-free number and website to answer questions about the incident. It notified the Health and Human Services' Office for Civil Rights, as required under the HITECH Act breach notification rule. The incident, however, was not on the OCR's list of major health information breaches as of the morning of Jan. 13.