KRMC website shut down since April, possible security breach

KINGMAN – Kingman Regional Medical Center reported a “security incident” on its website, which was shut down on April 8 and, after two months, still remains under construction.

The hospital established that “the configuration of the website made it possible for unauthorized person(s) to view some information entered into the website by KRMC customers,” the hospital stated in a Friday, June 7 press release.

This incident did not impact all KRMC customers, but affected 1,100 individuals who used the “Request an Appointment” feature on the website (the vulnerable timeframe is estimated between November 2016 and April 2019. Information that could have been accessed includes customers’ names, dates of birth, and information related to their medical condition, KRMC stated.

KRMC emphasized customers’ medical records, social security numbers, and financial information were not affected, and the hospital began contacting affected customers today.

Since KRMC recently introduced a new electronic health record system assuring customers of its security, The Daily Miner inquired on the security of both systems.

“The website is housed on a separate server, which does not in any way connect to our medical systems,” said Teri Williams, Communications & Marketing Director. “It is a ‘public’ website, not an in-house medical records system that is highly secure from public access. Therefore, the public can be assured that this incident in no-way impacted people’s medical records, social security numbers, or financial information.”

According to Williams, KRMC “employs strict international protocols for protecting the security of our medical systems, which meet hospital accreditation criteria and federal standards. Since, our website is ‘public’ it is not subject to those same protocols. Going forward, we have engaged a cyber security firm that is developing a more secure site with more detailed audit and alert capabilities.”