The Attorney General’s Office said that CAMC was taking action to secure patients' personal information, which included names, addresses, social security numbers, birth dates, and other sensitive information.
The data breach occurred at the CAMC Health Education Research Institute, which posted the patients' information on an unsecured website.
The breach was discovered by Lorrie Lane during a telephone conversation with her brother-in-law, who had done an online search for an address so that he could invite a relative to a family wedding. He found that the relative’s name, address, birth date, social security number, patient ID, and other sensitive data was easily accessible on WVChamps.com, a CAMC website relating to respiratory and pulmonary rehabilitation for seniors. Lane then contacted the Attorney General’s Office about the data breach.
CAMC has hired Bonadino Group, a New York-based risk management group, to undertake a security assessment of the hospital's networks.
In addition, CAMC said it will offer victims of its data breach an option to place a security freeze on their credit reports paid for by CAMC; a one-year enrollment in a credit report monitoring plan from Equifax; and a call center with a toll-free number for questions about the breach. Additionally, the Attorney General’s Office said it would run free credit reports for anyone whose information was included on the compromised website.