More than 5K Sentara Healthcare patients’ records compromised

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

NORFOLK, Va. - Sentara Healthcare announced a cybersecurity incident that may have compromised more than 5,000 patients records on Monday.

On November 17, 2016 Sentara found that one of its third party vendors experienced a cybersecurity incident impacting records of 5,454 vascular and/or thoracic patients seen between 2012 and 2015 at Sentara hospitals in Virginia.

Sentara said they are working with law enforcement, the vendor, and a leading cybersecurity firm to investigate the incident.

The information that was accessed may have included patients’ names, medical record numbers, dates of birth, social security numbers, procedure information, demographic information and medications, according to Sentara.

The hospital said the incident did not affect all Sentara patients, but only certain patients who received vascular and/or thoracic treatment between 2012 and 2015.

Sentara has provided written notice to individuals who have been affected. They have also created a toll-free number that people can call with questions.

The number to call for patients who may have been affected is 844-319-0134.

Sentara said in order to help prevent something like this from happening in the future, the vendor has informed Sentara that it is enhancing its system security.

Cyber security expert Charles Tendell, Hackerslist.com spoke to News 3 Monday night.

"When you're hearing about them this late in the game, it typically means that the bad guy ... got in several years ago and they've been kind of siphoning off pieces of information and it wasn't until recently that the breach got known and that's when the hole got plugged up," said Tendell.
Sentara says they’re working with law enforcement and that more security measures have been put in place but said they could not elaborate on the enhancements citing security reasons.

"The only thing you're going to be able to do is learn from their mistakes. ...  They didn't have encryption on certain things and all of those are going to come out through this attack which is in some ways is a good thing because now they can fix it," said Tendell.

Tendell said hackers are all over.

"Nowadays you got vulnerabilities in places you might not think of.  The TV you're watching this on might be vulnerable and the TV might be watching you.  Your computer could be listening to you. Your car might soon be hijacked. There's really no end until the general public starts thinking more securely the hacks are  going to continue," said Tendell.