DAVENPORT, Iowa (AP) — A Davenport-based company has alerted nearly 1,200 former hospital patients about a website data security lapse that exposed their names and birthdates to identity theft.
Genesis Health System, which issued the warning, said a medical transcription firm didn’t establish a firewall to protect online information from May 5 to June 24, the Quad-City Times reported (http://bit.ly/14q1Dty ). The firm, M2ComSys, was contracted by Cogent Healthcare, which provides physicians to two Genesis Medical Center hospitals in Davenport and the Genesis Medical Center-Illini Campus in Silvis, Ill.
M2ComSys, based in Las Vegas, referred all media inquiries to Cogent Healthcare, which released a statement.
“Cogent Healthcare takes information security and patient privacy very seriously. We apologize for any difficulties this incident may cause any of our patients or hospital partners. We recognize it is our responsibility to give patients the information they need to take precautions to protect themselves, and we are actively doing so.”
The unprotected data included follow-up care information about patient cases. Genesis spokesman Ken Croken said there is no evidence that identity theft has occurred, and no Social Security numbers or financial information was involved.
Croken said officials were concerned that Quad-City area residents, which will receive letters about the lapse, would have questions.
“We did feel an ethical need to notify people,” he said.
Croken added that Genesis, which was not responsible for the incident, has never had a data security lapse. Croken said the future of its relationship with Cogent Healthcare will be determined soon.
“Consumers should expect that this information remains secure,” he said.
Cogent Healthcare, which is based in Brentwood, Tenn., said the health information of about 32,000 patients nationwide was exposed. The company will offer affected patients a complimentary one-year membership in a program that offers identity theft protection and daily credit bureau monitoring. It has ended its relationship with M2ComSys.