W.Va. hospital breach raises information security concerns

Website breach leaves more than 3K at risk for identity theft


CHARLESTON, W.Va. --

A woman from Nitro was helping plan her brother-in-law's wedding. She was using Google to look up family members' addresses and during the search, a doctor's office website came up with a lot of personal information on that family member.

This indicated a breach that officials traced back to the research wing of Charleston Area Medical Center.

A formatting error allowed the website to be accessed without a password and made available exactly the kind of information that identity thieves are looking for, such as patients' names, addresses, birth dates, phone numbers and even social security numbers.

The woman contacted the state attorney general's office.

NEWS9 caught up with Attorney General Darrell McGraw while he was speaking at an event tonight in Marshall County.

He said the site's been secured and no cases of identity theft were reported since the breach was first reported last week.

But he says it should serve as a lesson to all hospitals in West Virginia to better protect patients' personal data.

"The breach that occurred there which exposes 3,655 West Virginians to the possibility of identity theft. It's a big issue," said McGraw.

According to the attorney general's office, patient information on that site was accessed 94 times before it was shut down, but no cases of identity theft were reported.

McGraw's office is still monitoring the situation and offering free credit checks for anyone whose information was compromised in the breach.

Copyright 2011 by . All rights reserved. This material may not be published, broadcast, rewritten or redistributed.