Markian Hawryluk and Betsy Q. Cliff report in The Bulletin:
A computer virus may have exposed to outside eyes the names, credit card numbers, dates of birth and home addresses of more than 11,500 individuals who donated to Cascade Healthcare Community, the parent company of St. Charles in Bend and Redmond.
The virus penetrated the computer system Dec. 11, and the hospital’s information technology staff believed they had rebuffed it. But Feb. 5, they detected suspicious activity in the system and called in computer forensic experts to investigate.
By Feb. 20, it became clear the information had been made vulnerable by the virus.
On Wednesday, the hospital announced the data may have been exposed. The data breach is a concern due to the potential for identity theft.
Hospital officials say it is not clear whether any of the information was seen by individuals outside the hospital. There is no evidence that patient health information was compromised, officials said.
[…]
Officials said a list of employee user names and passwords was also vulnerable for a short period of time, though the hospital is not sure exactly how long. That vulnerability could have allowed an unauthorized person to log into the network but not to get to applications that store patient data, according to Sherman.
All employees were required to change their passwords Feb. 21 to prevent unauthorized access. That rendered the old passwords “totally useless,†Smith said.
The hospital system is still unsure how the virus was introduced and would not release the name of the virus.
“We don’t really know exactly the origin of it,†Smith says. “The only thing we do know is it probably came through a Web browser, a thumb drive or some other external device. We don’t know who did it, whether it was intentional, whether it occurred as a result of other viruses that are constantly attacking.â€
Read More – The Bulletin