14 DAY TRIAL // A security breach affecting Stanislaus Surgical Hospital has been disclosed by the medical facility keeping most of the details under wraps.
Although it is not always the case, medical organizations are known to be the target of successful cyber-attacks because of insufficient security measures or practices regarding the protection of the personal information stored on their systems.
When a breach occurs, most of the times, the impacted organization provides some hints about what happened, allowing the affected individuals understand the nature of the incident, as well as the steps taken to avoid data leaks in the future.
Social security numbers have been exposed
However, in the case of a security incident that occurred on April 5, 2015, at Stanislaus Surgical Hospital in Modesto, California, only the most essential information has been made public.
Apart from the date of the breach, which apparently was discovered the same day, and the type of data exposed to a third party, whose origin remains a mystery, there isn’t much to be gathered from the disclosure letter to the impacted people.
Names, addresses, account numbers, social security numbers “and other identifying information” may have been exposed during the event. It is unclear if this is the result of an employee improperly handling the details, or of a cybercriminal attack.
Police is investigating, free identity protection service offered
The number of the individuals affected by this incident remains unknown, too, but since the hospital informed the California Office of the Attorney General, it is safe to assume that at least 500 people are currently affected.
The incident has been reported to the local police department, who has initiated an investigation. There is no indication that the breach was a consequence of malicious intent or that the data fell into the wrong hands.
Nevertheless, the hospital informs that it is “actively working on enhanced security measures” in order to reduce the risk of similar incidents in the future.
Furthermore, CEO Douglas Johnson said that anyone affected would receive a complimentary one-year subscription to an identity protection service, suggesting that possible criminal activity may ensue from the mishap.