DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Sentara notifies 5000+ patients after breach at vendor

Posted on January 16, 2017 by Dissent

WAVY reports:

A cyber security breach at a third party vendor for Sentara Healthcare has compromised the records of over 5,000 patients.

The incident involves 5,454 vascular and thoracic patients seen between 2012 and 2015 at Sentara hospitals in Virginia.

Read more on WAVY. The vendor was not named, nor were many details about the nature of the breach provided in the news report. And it’s not even clear from Sentara’s statement, a portion of which is quoted below, whether they are talking about an external attack or an employee inappropriately accessing a patient database:

On November 17, 2016, in conjunction with law enforcement, Sentara Healthcare determined that one of its third party vendors experienced a cybersecurity incident. Patient information as it relates to some vascular and/or thoracic procedures that took place between 2012 and 2015 at a Sentara hospital in Virginia was inappropriately accessed. The information may have included patients’ names, medical record numbers, dates of birth, social security numbers, procedure information, demographic information and medications. This incident has and is still being investigated by law enforcement, Sentara’s Information Security team and the third party vendor.

This incident did not affect all Sentara patients, but only certain vascular and thoracic patients treated between 2012 and 2015.

We began mailing letters to affected patients on January 13, 2017, and have established a dedicated call center to answer any questions. If you believe you are affected but have not received a letter by January 29, 2017, please call 844-319-0134, Monday through Friday, from 9:00 a.m. to 9:00 p.m. EST (excluding national holidays)

We recommend that patients who are affected by this incident following the instructions on the letters they receive and remain vigilant for incidents of fraud or identity theft by reviewing account statements and free credit reports for any unauthorized activity.

As I have written about several times in the past few months, breaches involving third-party vendors or business associates are a significant risk. Such breaches accounted for a disproportionate percentage of records breached in 2016.

Eventually, I hope Sentara will clarify whether this was an external hack or a case of employee/insider-wrongdoing.

Related posts:

  • Update on Omnicell stolen device breach: 56,000 Sentara patients impacted
  • OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
  • Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
  • 1,040 Sentara Heart Hospital patients notified of HIPAA breach
Category: Health DataInsiderU.S.

Post navigation

← Zimbabwe computer hacker takes $70k from OK Zim
Confidential medical documents from Sainte-Justine Hospital leaked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.