Hospital: Computer virus exposed patient records
Valley View Hospital in Glenwood Springs says a computer virus compromised personal but nonmedical information regarding 5,400 patients.
The hospital said in a statement on its website that it found the virus in January and there is no evidence that the data was accessed or transmitted to an outside entity. However, it is taking steps including notifying those potentially affected and providing them with protection services and programs, while also upgrading its computer security.
It said that after the breach was discovered, an information technology forensic firm was brought in and determined that a sophisticated virus captured screen shots of Internet web pages and stored the images in an encrypted, hidden system file that could have been accessed by an outside entity.
“Upon this discovery on January 23 … the hospital immediately shut down incoming and outgoing Internet traffic to quarantine all information. Steps were taken to remove the virus from the system,” the hospital said.
Two days later, the forensic firm reported to the hospital that the information in the hidden folder “varied for each affected individual but included individual names and in some cases addresses, date of birth, telephone numbers, social security numbers, credit card information, admission date, discharge date and patient visit numbers. No medical information was included.”
The hospital will send out letters Monday to all of those potentially impacted. It established an information line, 888-236-0444, to help answer questions and let people how they can protect themselves. It will be available from 7 a.m. to 7 p.m. on Saturday, and then continuing Monday through Friday, and Spanish-speaking operators will be available.
Valley View also is offering free identity and credit protection services.
It has launched a new, upgraded and expanded information security program.
“We apologize for any inconvenience or concern that this may cause our patients, employees and their families,” chief executive officer Gary Brewer said in the hospital’s statement. “We take our responsibility to protect patient information very seriously. We have responded to this situation as quickly and comprehensively as possible, and we continue to monitor progress as we take steps to inform and support those potentially affected by this incident.”