“Reimbursement specialist R-C Healthcare Management, a business associate under HIPAA, left patient information accessible on the web for four days.

Personal information of more than 650,000 Bon Secours patients – including names, insurance identification numbers, banking information, social security numbers and some clinical data – was left exposed on the internet for four days this spring by a business associate of the hospital system.

R-C Healthcare Management, a reimbursement optimization firm, was adjusting its network settings between April 18 and April 21, and in doing so exposed data of Bon Secours patients in three states – 435,000 of them Virginia, and the rest in South Carolina and Kentucky – to be accessible online.”


Author: Mike Miliard