957 Griffin Hospital Patients Affected in Breach | NBC Connecticut

957 Griffin Hospital Patients Affected in Breach



    Getty Images
    Almost 1,000 records were breached, Griffin Hospital officials said.

    Radiology reports for 957 patients of Griffin Hospital in Derby might have been compromised, according to the hospital.

    Hospital officials suspect that a radiologist who was terminated on Feb. 3. His lost rights to use the system but used passwords of other employees to access patients’ radiology reports, hospital officials said.

    The patients apparently received unsolicited phone calls from a physician who offered to perform professional services at another area hospital.

    The apparent breach took place between Feb. 4 to March 5, hospital officials said in a news release. The hospital began investigating when patients called about the inquiries.

    The information was gleaned from PACS, a digital image archiving system that maintains encrypted data of patient’s radiological images. It is protected by passwords and entry system and allows authorized physicians to study the images through a secured network in the hospital and remote locations outside of the hospital.

    It appears that the physician downloaded image files of 339 out of the 957 patients listed in the PACS directory, hospital officials said.

    Griffin President Patrick Charmel said the breach “appears to have been a deliberate intrusion into Griffin’s Digital Picture Archiving and Communication System to view patient radiology reports” and the hospital completed an audit and investigation and notified affected patients.

    There are also steps underway to improve security of patient information.

    “We regret that this incident has occurred, and are committed to prevent future such occurrences,” Charmel said.

    The information accessed included: patient name, exam date, exam description, gender, age, medical record number and date of birth.

    Social Security numbers and patient financial information are not listed in the directory accessed, hospital officials said. Patients do not need to take further action to protect them from future harm resulting from the breach.