
Hospital patient data revealed

Patient information was made public when a computer system at Mary Washington Hospital malfunctioned

Date published: 10/19/2008

BY JIM HALL

A security breach in an online computer system at Mary Washington Hospital exposed the private medical information of some of its maternity patients.

A man who tried to use the Fredericksburg hospital's online registration system for his expectant wife said the files for 803 patients were publicly available on the site.

On Friday, a hospital official described the breach as an "anomaly."

She said the man was the only person to see the files, that he opened only two of them and that he did not print or download any data.

"We believe that this is a one-time incident," said Kathleen Allenbaugh, hospital spokeswoman.

Hospital officials first learned of the breach when a Spotsylvania County sheriff's deputy notified them that the online registration feature at the MediCorp.org Web site was not working correctly.

Rebecca and Gary Dennison, a Spotsylvania couple, had contacted police after learning that their private medical information was visible on the site.

Rebecca Dennison is expecting the couple's first child in November, and had preregistered online for her delivery.

Dennison said last week that a stranger who gave his name as "Mike" called her house the night of Saturday, Oct. 11, to tell her that he was looking at private information about her and her husband on the MediCorp site.

The man knew the couple's Social Security numbers, phone numbers, address, insurance carrier, her birth date and her doctor's name.

She was concerned, she said, because her husband was in Delaware on business at the time.

"I was in shock," she said. "I didn't know what to do. It was 11 o'clock at night."

Dennison called her husband, who contacted the Sheriff's Office after talking with Mike. A Spotsylvania deputy called Mike and then called the hospital.

Reached by phone last week, Mike said he was reluctant to talk about the incident, and agreed to do so only if his last name was not used.

"I didn't want to cause any trouble for anybody," he said.

He said he went to the MediCorp site to register his wife for her delivery. She, too, is pregnant with the couple's first child and expects to deliver in November.

Mike said he had trouble with the site, and at one point got a "certificate is revoked" error message.




Most recent reader comments:


Anomaly? No, an outright failure. (posted by Einstein, Oct. 19, 2008 1:25 am)
Not a "glitch." Not a "computer malfunction." This is a clear failure on the part of a person or persons within MediCorp responsible for protecting the personal information of hospital patients. What enforcement exists for HIPAA and what punishment hits the institution that fails to comply? Civil liability? Would that get the attention of stores, banks, state and federal agencies that demand personal data and then fail to protect it?
