DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The West Virginia Attorney General’s Office statement on CAMC breach

Posted on February 16, 2011 by Dissent

West Virginia Attorney General Darrell McGraw today announced actions by his office and the Charleston Area Medical Center (CAMC) to secure the private information of 3655 patients affected by a data breach on a website set up for CAMC. The breach occurred within the research subsidiary of CAMC – the CAMC Health Education Research Institute (CHERI).

As a result of discussions with the Attorney General’s Consumer Protection Division, officers at CAMC have agreed to a number of measures to safeguard the information that was compromised, protect against further breaches, and ensure that the hospital’s other websites are secure. CAMC has hired the Bonadio Group, a New York-based risk management group, for its security assessment.

“After learning of this security breach, my Consumer Protection Division immediately had the compromised website shut down,” Attorney General McGraw said. “Data security is critical to our citizens and protecting it is a priority with my office.”

Patients in the affected database will receive a notification packet from CAMC with a letter detailing actions for victims to take, identity protection and security freeze publications from the Attorney General’s Office and the FTC, and information on special data security services to be offered by the hospital.

The breach was discovered last week by Lorrie Lane, an employee of People’s Federal Credit Union in Nitro, during a telephone conversation with her brother-in-law. The brother-in-law had done an online search for an address so that he could invite a relative to a family wedding. He found that the relative’s name, address, birth date, Social Security number, patient ID and other sensitive data was easily accessible on WVChamps.com, a CAMC website relating to respiratory and pulmonary rehabilitation for seniors.

Ms. Lane, who works with customers on mortgage applications, recognized that allowing such sensitive personal information to be unsecured is a dangerous identity theft problem and therefore immediately alerted the Attorney General’s Office.

Patient information on WVChamps.com had been accessed 94 times, including hits from the Attorney General’s Office and CAMC staff, since the reports were first posted on September 1, 2010. Although no instances of identity theft have yet been identified, the Attorney General’s Office is monitoring the situation for any illicit use of patient data.

CAMC will offer victims of its data breach: an option to place a security freeze on their credit reports, paid by CAMC; a one-year enrollment in the “Gold ID Portal Plan,” a comprehensive credit report monitoring plan from Equifax with $1 million of theft identity protection; and a call center with a toll-free number for questions about the breach. Additionally, the Attorney General’s Office will run free credit reports for anyone whose information was included in the compromised website’s report.

An audit showed that Google was the only search engine whose “bots” had visited the WVChamps website. Announcement of the breach was withheld until it could be verified that all of Google’s search caches had been cleared and that the data was no longer accessible online. There is no evidence that other search engines retained any of the data.

West Virginia consumers who suspect that their personal data has been compromised can contact the Attorney General’s Office by calling the Consumer Protection Hot Line,            1-800-368-8808      , or by calling             1-855-388-6699      , a toll-free hot line set up by CAMC. Consumers may also obtain a complaint form from the Attorney General’s consumer web page at www.wvago.gov.

Category: Breach IncidentsExposureHealth DataSubcontractorU.S.

Post navigation

← Contractor error exposed Charleston Area Medical Center’s Research Institute patient data on web
Web glitch allowed access to others’ data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.