A third-party vendor serving Virginia-based Sentara Healthcare suffered a cyberattack, resulting in the 12-hospital delivery system sending breach notification letters to approximately 5,454 affected patients.

Law enforcement informed Sentara of the breach on Nov. 17, 2016, and a Sentara investigation pinpointed the vendor, which it declined to identify in its announcement, as the target. Healthcare organizations often learn of cyberattacks as police in the course of investigating an incident find other facilities that also were affected. Police, Sentara and the vendor continue to investigate the incident, according to the notification letter.

The vendor does not provide direct care to patients, according to a Sentara spokesperson; it provides information reporting and data benchmarking services. With the investigation ongoing, the organization will not provide additional information about the vendor or its current relationship with the vendor.

Also SeePresence Health hit with HIPAA fine for slow breach response

The compromised patient information “relates to vascular and/or thoracic procedures that took place between 2012 and 2015 at a Sentara hospital in Virginia, and was inappropriately accessed,” the organization has informed patients.

(This article appears courtesy of our sister publication, Health Data Management)

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access