Executive Summary:

More than 2,300 patient medical records from Glen Falls Hospital in New York were exposed because they were left unprotected on a third party server. The breach was discovered by forensic auditors, who then alerted the hospital officials. A hospital spokeswoman, Darlene Raynsford, said that patient Social Security numbers, financial information and addresses were not stored on the server. She also said that there is no way to tell if the records were even accessed or how. After discovering the incident, the hospital notified the victims and fired the contractor, Portal Healthcare Solutions.


This article supports the fact that companies, especially companies who store confidential information, need to have security to protect their networks and information. Although Glen Falls Hospital outsourced their record protection to a third party, it is still the hospital's responsibility to protect their patient records and make sure that Portal Healthcare Solutions has proper security. The article did not say, but I hope that the hospital learned from this incident and set up better controls and security for their patient records and servers.