DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Sentara notifies 5000+ patients after breach at vendor

Posted on January 16, 2017 by Dissent

WAVY reports:

A cyber security breach at a third party vendor for Sentara Healthcare has compromised the records of over 5,000 patients.

The incident involves 5,454 vascular and thoracic patients seen between 2012 and 2015 at Sentara hospitals in Virginia.

Read more on WAVY. The vendor was not named, nor were many details about the nature of the breach provided in the news report. And it’s not even clear from Sentara’s statement, a portion of which is quoted below, whether they are talking about an external attack or an employee inappropriately accessing a patient database:

On November 17, 2016, in conjunction with law enforcement, Sentara Healthcare determined that one of its third party vendors experienced a cybersecurity incident. Patient information as it relates to some vascular and/or thoracic procedures that took place between 2012 and 2015 at a Sentara hospital in Virginia was inappropriately accessed. The information may have included patients’ names, medical record numbers, dates of birth, social security numbers, procedure information, demographic information and medications. This incident has and is still being investigated by law enforcement, Sentara’s Information Security team and the third party vendor.

This incident did not affect all Sentara patients, but only certain vascular and thoracic patients treated between 2012 and 2015.

We began mailing letters to affected patients on January 13, 2017, and have established a dedicated call center to answer any questions. If you believe you are affected but have not received a letter by January 29, 2017, please call 844-319-0134, Monday through Friday, from 9:00 a.m. to 9:00 p.m. EST (excluding national holidays)

We recommend that patients who are affected by this incident following the instructions on the letters they receive and remain vigilant for incidents of fraud or identity theft by reviewing account statements and free credit reports for any unauthorized activity.

As I have written about several times in the past few months, breaches involving third-party vendors or business associates are a significant risk. Such breaches accounted for a disproportionate percentage of records breached in 2016.

Eventually, I hope Sentara will clarify whether this was an external hack or a case of employee/insider-wrongdoing.

Related posts:

  • Update on Omnicell stolen device breach: 56,000 Sentara patients impacted
  • OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
  • Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
  • 1,040 Sentara Heart Hospital patients notified of HIPAA breach
Category: Health DataInsiderU.S.

Post navigation

← Zimbabwe computer hacker takes $70k from OK Zim
Confidential medical documents from Sainte-Justine Hospital leaked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.