DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The West Virginia Attorney General’s Office statement on CAMC breach

Posted on February 16, 2011 by Dissent

West Virginia Attorney General Darrell McGraw today announced actions by his office and the Charleston Area Medical Center (CAMC) to secure the private information of 3655 patients affected by a data breach on a website set up for CAMC. The breach occurred within the research subsidiary of CAMC – the CAMC Health Education Research Institute (CHERI).

As a result of discussions with the Attorney General’s Consumer Protection Division, officers at CAMC have agreed to a number of measures to safeguard the information that was compromised, protect against further breaches, and ensure that the hospital’s other websites are secure. CAMC has hired the Bonadio Group, a New York-based risk management group, for its security assessment.

“After learning of this security breach, my Consumer Protection Division immediately had the compromised website shut down,” Attorney General McGraw said. “Data security is critical to our citizens and protecting it is a priority with my office.”

Patients in the affected database will receive a notification packet from CAMC with a letter detailing actions for victims to take, identity protection and security freeze publications from the Attorney General’s Office and the FTC, and information on special data security services to be offered by the hospital.

The breach was discovered last week by Lorrie Lane, an employee of People’s Federal Credit Union in Nitro, during a telephone conversation with her brother-in-law. The brother-in-law had done an online search for an address so that he could invite a relative to a family wedding. He found that the relative’s name, address, birth date, Social Security number, patient ID and other sensitive data was easily accessible on WVChamps.com, a CAMC website relating to respiratory and pulmonary rehabilitation for seniors.

Ms. Lane, who works with customers on mortgage applications, recognized that allowing such sensitive personal information to be unsecured is a dangerous identity theft problem and therefore immediately alerted the Attorney General’s Office.

Patient information on WVChamps.com had been accessed 94 times, including hits from the Attorney General’s Office and CAMC staff, since the reports were first posted on September 1, 2010. Although no instances of identity theft have yet been identified, the Attorney General’s Office is monitoring the situation for any illicit use of patient data.

CAMC will offer victims of its data breach: an option to place a security freeze on their credit reports, paid by CAMC; a one-year enrollment in the “Gold ID Portal Plan,” a comprehensive credit report monitoring plan from Equifax with $1 million of theft identity protection; and a call center with a toll-free number for questions about the breach. Additionally, the Attorney General’s Office will run free credit reports for anyone whose information was included in the compromised website’s report.

An audit showed that Google was the only search engine whose “bots” had visited the WVChamps website. Announcement of the breach was withheld until it could be verified that all of Google’s search caches had been cleared and that the data was no longer accessible online. There is no evidence that other search engines retained any of the data.

West Virginia consumers who suspect that their personal data has been compromised can contact the Attorney General’s Office by calling the Consumer Protection Hot Line,            1-800-368-8808      , or by calling             1-855-388-6699      , a toll-free hot line set up by CAMC. Consumers may also obtain a complaint form from the Attorney General’s consumer web page at www.wvago.gov.

Category: Breach IncidentsExposureHealth DataSubcontractorU.S.

Post navigation

← Contractor error exposed Charleston Area Medical Center’s Research Institute patient data on web
Web glitch allowed access to others’ data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.