ASHEVILLE-Mission health has reached out to an undetermined number of Western North Carolina residents after a data leak involving the hospital’s e-Commerce system website. 

The system, owned by Nashville-based HCA health said it recently “identified and reviewed” a security incident involving consumer information provided when shopping at its online store. In an October 11 letter obtained by the Citizen Times, the Mission said it determined on September 13 that malicious code had been inserted into the legitimate code of its website and sent payment information to an “unauthorized person.” 

The letter, signed by Beth Cirillo, who is listed as the Executive Director and employee of the HIPAA privacy division of HCA’s North Carolina division, says malicious code is present on its e-Commerce sites, including shopmissionhealth.org, from March 27, 2016 to June 26, 2019.

An internal review of all transactions made during that time period found names, addresses, payment card numbers, expiration dates and CVV codes “may have been captured by an unauthorized person (s),” the letter said. Cirillo said the breach does not involve access to patients ‘ medical records or treatment information.

“We deeply regret any concern or inconvenience this may cause you,” the letter said.

More:

Mission may soon be off the grid for CIGNA customers

– Madison County is exploring ambulance service options

In a statement, a spokesman for the Mission said the system “takes the privacy and security of information very seriously.” The statement noted that the Mission had sent letters to affected consumers, although it did not indicate how many had been affected in the more than three years the code had been present in its systems.

The mission States that it has taken steps to remedy the situation. For affected customers, it offers one free year of membership in the credit monitoring service. It also demolished an online store that included personal care items, over-the-counter medications and vitamins, among other items, as well as childbirth, Wellness and weight management classes, the Internet archive shows.

Let’s support our community-Support community journalism stories like this one. Become a Citizen Times subscriber today for unlimited digital access. JOIN TODAY

“This website is not part of our core missionhealth.org the site, and has been taken offline and is now fully restored,” the spokesperson said in an email.

Privacy rights Clearinghouse, a nonprofit data leak tracking organization, estimates more than 9100 data breaches have been made public since 2005, containing more than 10.4 billion records that have been exposed. In 2018, more than half of the reported violations came from the medical industry, including medical professionals and health insurance services, according to the organization’s database.

Earlier this year, North Carolina attorney General Josh Stein was part of an Executive Committee that coordinated payments of more than $700 million from Equifax’s credit monitoring Bureau after an investigation found it did not maintain a “reasonable security system,” leaving it vulnerable to hacking.

This article originally appeared on Asheville Citizen Times: Mission health data leak: e-Commerce site contained “malicious code” for 3 years

Like us on Facebook to see similar stories

Please give an overall rating of the site: