Residents outside of Middletown Medical on Friday didn't know about the recent data breach, but they are aware of the increased concerns around data safety and privacy.
"I find it alarming and compelling," said Middletown resident Paul Brower. "At the same time, it's tragic, because I know that people's identities are being stolen and their personal information is being compromised."
Middletown Medical confirmed there was a data breach earlier this year, blaming the invasion on a wrong security setting. The medical center posted a notice on its website, saying a setting on a radiology interface may have allowed users to see a patient listing and electronic patient information, including patient names, birthdates, client identification numbers, an indication that patients received radiology services and the date when they received those services.
Cybersecurity experts say these types of breaches are common.
"Just within the medical industry, in open source, probably two two three a week that fall in line with poor practices in the cyber area," said Brig. Gen. (Ret.) Steven Spano, president and COO of Center for Internet Security, a nonprofit cybersecurity company.
The information does not include Social Security numbers or any other electronic medical records, officials said. But Spano says that if the information got into the wrong hands, there is a potential threat.
"You can sell that information, you can use that information for blackmail forms of bribing the individuals based upon health histories that aren't exposed to the general public," said Spano.
Middletown Medical has since modified the interface and terminated any potential unauthorized access. Officials added that, although there is no evidence that any of this information has been misused, they will offer identity theft recovery services for those affected at no cost.
If you notice any suspicious activity, call (866) 397-0986.