VCU Health data breach exposes private information of thousands of patients
RICHMOND, Va. (WWBT) - VCU Health revealed to patients that the system had a massive data breach.
The issue has since been resolved, but this exposed medical records of nearly 4,500 organ donors and transplant recipients over 16 years.
In total, 4,441 patients were potentially impacted. VCU Health’s investigation determined that the information was accessible to these patients as early as Jan. 4, 2006.
“It can be very bad. If someone was capable of getting your personal information, they could basically steal your identity and absolutely ruin you,” Michael Pfaff, the Director of Operations at Network Data Security Experts (NDSE), said. “It could take all of your abilities to do anything in the future away.”
This data breach was not a public leak of records, but it allowed organ donors or transplant recipients with patient portal access to see each other’s private information.
They would have been able to potentially access names, social security numbers, medical records, lab results and more.
“With that kind of information, you can use identity theft, you can gain access to other information around us and that’s things that we do not want out there,” Pfaff said.
However, VCU Health did not find evidence to suggest that any information was misused.
On the other hand, Pfaff says you cannot be sure.
“You can’t really know for sure. We can track if data has been exfiltrated from infrastructure in most cases, but this kind of scenario, I believe, would be a little bit different,” he said.
Although the issue has been resolved, Pfaff says the victims of this breach should still stay hyper-aware.
“As a patient, if you were involved in this, put some protections around yourself,” he said. “Credit monitoring, alert all the credit companies out there, alert your bank, alert everyone that you can and have some of these measures put in place, just in case.”
NBC12 reached out to VCU Health to learn what they are doing to prevent this from happening again.
They declined to speak with us but said they are working closely with cyber-security experts.
Copyright 2022 WWBT. All rights reserved.
Want NBC12’s top stories in your inbox each morning? Subscribe here.