Mar 06,2008 00:00
BEND, Ore. -- Cascade Healthcare Community, owner and operator of St. Charles Medical Centers in Bend and Redmond, Oregon, announced Wednesday that personal and financial information of about 11,500 persons who donated money to the corporation -– including names, addresses, dates of birth, and credit card data -– “may” have been compromised by a computer virus.
CHC’s computer systems were infected on December 11, but suspicious activity wasn’t detected until February 5, a news release stated.
So far, CHC’s IT department and hired information technology forensic team haven’t found any evidence that patient health information was compromised.
CHC has offered to provide a 12-month enrollment in a credit-monitoring service for those potentially affected.
The complete content of CHC’s news release follows:
Like all health care organizations, Cascade Healthcare Community has a strong commitment to protecting patient and employee information. Unfortunately, CHC was recently the victim of a computer virus that may have made some personal information vulnerable to inappropriate use.
Despite having an anti-virus security system in place, the CHC computer network was hit by a virus on Dec. 11. The IT group immediately worked to halt the attack and closely monitored the network for several weeks before detecting suspicious activity on Feb. 5. At that time, CHC hired an external information technology forensic team to investigate the incident.
After an exhaustive forensic evaluation, CHC learned Feb. 20 that some personal information stored on our systems may have been compromised. This information included names, addresses, dates of birth and credit card information for approximately 11,500 members of our community. At this time, there is no evidence indicating any patient health information was compromised.
“Although the investigation provided no indication that information was misused, CHC is working quickly and diligently to provide all affected members of our community with leading credit monitoring services at no charge,” said James A. Diegel, FACHE, President and CEO of CHC. “We want to express our sincere apologies to those community members who have trusted us with their information for the inconvenience and worry this situation may have caused.”
To assist our community members, CHC has contracted with an industry-leading provider of credit monitoring services and is providing free enrollment in a 12-month credit monitoring program for those affected. All potentially affected individuals will receive additional information directly from this agency within the next several days that includes information on enrollment.
In addition to community member information, CHC has learned that usernames and passwords of all CHC employees were also vulnerable for a short period of time. All caregiver passwords were changed as of 2 p.m. on Thursday, Feb. 21 and there is no evidence that unauthorized users accessed individual patient health information.
“It is vital that we continue to raise the level of security within the organization,” Diegel said. “We are working diligently on all levels of security from educating caregivers on the importance of protecting their passwords to upgrading our virus protections.”
Individuals may obtain a copy of their credit report, free of charge, whether they suspect any unauthorized activity on their account or not. To receive a credit report, contact any one or more of the following national consumer reporting agencies:
For more information, visit www.cascadehealthcare.org and click on any of CHC’s hospital specific sites. Posted under “Latest News” is this release and answers to frequently asked questions about the event.