A data breach at a third-party medical records vendor exposed the personal and health information of patients at two Deaconess Health System hospitals in Western Kentucky, with the Evansville-based health system saying the incident was disclosed nearly two months after it occurred.
The exposure did not affect Deaconess’s internal computer systems or its electronic medical records platform; rather, it involved MRO Corp., the Pennsylvania-based health care data firm Deaconess contracts to handle patients’ requests to release information. Patients of Deaconess Henderson Hospital and Morganfield’s Deaconess Union County Hospital are among those affected, along with patients from surrounding clinics whose data were subject to an ROI request. Read more at Courier & Press.