BA Leaves Data Exposed on Web, Causing Breach
A business associate (BA) of healthcare provider Bon Secours left personal information of more than 650,000 patients exposed on the internet for four days, revealing names, insurance ID numbers, banking info, Social Security numbers, and clinical data. The breach was discovered by Bon Secours.
WTKR reported the healthcare chain discovered that R-C Healthcare Management had revealed the information while adjusting network settings in April. Bon Secours data in three states—Virginia, South Carolina, and Kentucky—were exposed.
Bon Secours began notifying patients August 12 after a two month investigation. R-C Healthcare hired a forensic investigator and notified customers of the situation and its resolution.