Email breach at CMC-Randolph, officials say - | WBTV Charlotte

Email breach at CMC-Randolph, officials say


Carolinas HealthCare System is notifying approximately 5,600 patients of Carolinas Medical Center-Randolph (CMC-Randolph) whose private information may have been breached by an unauthorized electronic intruder.

Approximately 700 additional patients of the affected provider are also being notified as a precautionary measure, even though officials say no evidence has been found that their information was obtained by the intruder.

The security breach was discovered on October 8, following an upgrade in the hospital's security software. According to investigators, the intruder obtained emails from the provider's account between March 11, and October 8, 2012. 

Upon discovery of the breach, immediate steps were taken to prevent further access by the intruder to the affected email account. Carolinas HealthCare System hired a forensic investigator and notified federal law enforcement of the incident, officials said. 

Based on information discovered through the investigation, most of the obtained emails did not contain patient information. While only five emails contained social security numbers, a number did contain some medical and other patient information, the report states. 

The emails appear to include one or more of the following: patient names, dates and times of service, provider and facility names, internal hospital medical record and account numbers, dates of birth, and treatment information, such as diagnosis, prognosis, medications, results and referrals.

Potentially affected patients have been sent personal letters explaining the type of information involved. 

Carolinas HealthCare System said there is no evidence that the information has been misused, and based on the investigation, no other email accounts or other computer systems, including the electronic medical records system, were found to have been affected by the incident. 

Carolinas HealthCare System has taken several measures to ensure this intrusion is contained and to prevent similar incidents from happening again, including implementing additional security safeguards to prevent unauthorized intrusions and continuing to actively monitor systems for unusual activity. 

The U.S. Department of Health and Human Services and the North Carolina Attorney General are also being notified of the incident. 

As a precautionary measure, Carolinas HealthCare System is offering affected patients free credit monitoring and insurance services through AllClear ID, a company that specializes in this area.

Patients with questions or who would like additional information can call 1-877-313-1404, or visit

Information about this incident is posted on the "News & Events" tab of the website. Patients are also encouraged to regularly monitor their credit reports and may wish to place fraud alerts on their credit file and take other precautionary measures. 

Additional information on how to protect against identity theft is located at and in the patient letters.

Powered by Frankly