Kadlec computer servers hacked

RICHLAND -- Kadlec Regional Medical Center officials announced Wednesday that patients are being notified that one of the hospital's computer servers containing brain scan and other patient studies was hacked in September.

Files housed on the server included information with a patient's name, birth date, age, gender, medical record number and doctor's name, but did not include any patient financial information, address, Social Security number or insurance data.

Kadlec officials first discovered the unauthorized access during routine monitoring of computer network backups Nov. 11, according to a news release.

Kadlec immediately removed the server from service and hired a national company that specializes in computer security to investigate the cause of the incident and scope of the breach.

The analysis confirmed there was unauthorized access to one of Kadlec's 225 servers sometime around Sept. 15. Forensic experts found no evidence that patient data actually was viewed, compromised or removed from the system.

As a precaution, Kadlec is sending a letter to all patients whose information was on the files on the affected server.

"We take our responsibility to protect patient information very seriously," said Rand Wortman, president and CEO of Kadlec Health System. "This incident was unique, and we apologize for any concern or inconvenience it may cause patients and their families."

Hospital officials said it has added significant security measures to Kadlec's servers to help prevent future breaches.

"While it may be impossible to completely thwart skilled and determined hackers from 'parking' on unauthorized servers, we will take all necessary steps to review and strengthen internal procedures to ensure Kadlec provides the highest level of data security possible," Wortman said.

Kadlec's notice to patients encouraged them to be vigilant and to notify the hospital immediately if they notice any unusual activity. The hospital is providing all patients whose information was contained in files on the server with identity theft safeguards, officials said.

In addition to contacting affected patients, Kadlec informed the federal Department of Health and Human Services.

-- Michelle Dupler: 509-582-1543; mdupler@tricityherald.com