Transplant donor and recipient info exposed in Virginia

The Virginia Commonwealth University Health System (VCU) has informed nearly 4500 transplant participants about a major data breach affecting their healthcare information.

The organization warned that some transplant recipients’ medical records contained their donor’s information, while recipient information also showed up in some donors’ records. It has been inappropriately exposing this information since 2006 in some cases.

The following information was exposed:

Full names,

SSNs (Social Security numbers),

Lab results,

Medical record numbers,

The dates of medical procedures,

Dates of birth.

In total, 4441 people were affected, it stated. VCU warned:

This information may have been viewable to transplant recipients, donors, and/or their representatives when they logged into the recipient’s and/or donor’s patient portal.

VCU has mailed affected individuals where possible and offered them free credit reports. Only those whose social security numbers were affected get free credit monitoring.

Unfortunately, however, this isn’t the first time that the organization has had to notify patients about mismanagement of their information. In 2014, VCU warned that it had failed to properly dispose of CDs containing patient health information. Instead of following its own disposal protocols, it had donated the CDs for children’s art projects.

In the same time, publisher of Dark Souls, Elden Ring and Soulcalibur, Bandai Namco, has been hit by a ransomware attack.