DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NJ: Virtua Medical Group notifies 1,654 patients whose information was exposed on Internet (updated)

Posted on March 19, 2016 by Dissent

On March 11, Burlington County Times reported:

Virtua Medical Group, the network of doctors exclusively affiliated with the South Jersey health system, reported Friday that patient information — including names and treatments over a five-year period — was accidentally released and viewable on the Internet in January.

The medical group learned on Jan. 21 that earlier in the month “certain patient information from three practices … had become viewable on the Internet by using a search engine,” according to the notice.

A subscription is required to access the full article, and Virtua Medical Group does not appear to have a copy of their notice readily locatable on their web site.  Their report to HHS, though, indicates that 1,654 patients were impacted.

Virtua has not yet responded to an email inquiry sent to them earlier today. This post will be updated when more information becomes available.

Updated 3-21-16: Virtua kindly sent me a copy of their notice, which was, it seems, posted on their web site the same day:

Virtua Notifies Patients of Transcription Record Incident

Virtua Medical Group (VMG) announced today that in early January 2016, one of its transcription vendors unintentionally caused certain patient transcription records to become viewable on the internet if searched with a search engine. Each year, VMG creates patient records for each of its 750,000 patient visits, and this incident involved considerably less than 1% of those visits. Only certain patients treated from 2011 to January, 2016 at Virtua Gynecologic Oncology Specialists, Medford Surgical Services, and Virtua Pain and Spine were affected.

VMG first learned of this incident on January 21, 2016, and immediately began a thorough internal investigation. VMG determined that the transcription vendor had a server that had been unintentionally misconfigured during an upgrade, allowing the transcription documents to be viewable by using a search engine on the internet. VMG immediately had the vendor remove the patient information from the server, and VMG confirmed that patient information was no longer viewable. VMG also took action to have the records removed from search engines.

There is no indication that any patient information was used in any way and the transcription record did not contain social security numbers, financial information or addresses. However, VMG sent letters to patients on March 11, 2016, and established a dedicated call center to support patients and answer their questions. To help prevent an incident like this from happening in the future, VMG has ceased doing business with the transcription vendor. More information is posted on the Virtua website: https://www.virtua.org/news/notice-to-patients-of-transcription-records-incident.

 


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
Category: ExposureHealth DataSubcontractorU.S.

Post navigation

← Hackers attack Switzerland’s largest party, claim huge personal data theft
Missing mental health assessments result in HIPAA notifications by VA to 373 veterans →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • White House ordered to restore Medicaid funding to Planned Parenthood clinics
  • California Attorney General Announces $1.55M CCPA Settlement with Healthline.com
  • Canada’s Bill C-2 Opens the Floodgates to U.S. Surveillance
  • Wiretap Suits Pit Old Privacy Laws Against New AI Technology
  • Action against tiny Scottish charity sparks huge ICO row
  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.