Privacy breaches force online bill-payment company out of business

Last April when a network technician working for Bellevue, Wash.-based Web content-management company Verus failed to set up a firewall properly as part of an online bill-payment service for hospitals, the mistake exposed patient data from at least a half-dozen hospitals across the country.
Until the mistake was discovered over a month later, patient information that had been stored by Verus on behalf of Concord Hospital in New Hampshire; St. Vincent Indianapolis Hospital in Indiana; Stevens Hospital in Edmonds, Wash.; and Sky Lakes Medical Center in Klamath Falls, Ore., among others, could be openly accessed on the Web. And it was, at least by Google bots that indexed it for search.
“Our data on about 9,200 patients was exposed for about five weeks on the Internet,” says Bruce Burns, CFO at Concord Hospital. “We were made aware it had been indexed by Google. We think a patient from Stevens Hospital was the first to discover it.”
Verus owned up to the security mistake but Concord Hospital, along with other medical-care institutions forced to explain the data breach to the public, dropped the Verus bill-paying service like a hot potato. Verus figured prominently in their press releases as the culprit behind the fiasco.
{Verus, an otherwise respected and experienced technology company, has been forced to shut its doors in response to a string of privacy breaches. After Verus mistakenly left a firewall unprotected for months, Google searchbots found and indexed thousands of patient records from numerous hospitals across the country. As we move forward with an electronic health system, let Verus act as a reminder to those who champion the benefits of EHRs. Protecting patient privacy must be just as high a priority as the potential convenience of an electronic health system. Apparently Verus, and the hospitals that hired them, did not fully comprehend the task at hand. To quote Bruce Burns, CFO of Concord Hospital, “We need to better understand what’s entailed.” Without legislation that includes stiff penalties for breaches of health data, hospitals will continue to view patient privacy as a burden and not a responsibility.}
