(WSAZ Photo / Brad Myers)

UPDATE 2/16/11 @ 9:45 a.m.
CHARLESTON, W.Va. (WSAZ) -- Charleston Area Medical Center's Research Institute reports a security incident which involved the personal information of thousands of its patients.

According to a news release, CAMC learned on Feb. 8 that one of its databases containing information for about 3,655 patients had security vulnerability.

The database was setup in September 2010, by a third party technology contractor, called XForia, according to Witte.

Lorrie Lane alerted the West Virginia Attorney's Office about the problem.

West Virginia's Attorney General Darrell McGraw held a news conference Wednesday to discuss the security breach.

McGraw tells WSAZ.com Lane's brother-in-law was searching for a family friend's address for a wedding invitation when he conducted a Google search of her name and found the records.

McGraw says there was a mistake in the formatting of the database and it allowed data to be accessed without a password. Once the problem was identified, the website was shut down immediately.

The database contained names, contact details, Social Security numbers, dates of birth of patients, along with certain basic clinical information about the patients.

It was designed to help CAMC evaluate and treat patients in an outpatient setting, to reduce unnecessary hospitalizations, according to the release.

According to a news release, other than the person who discovered the problem, the hospital has no reason to believe anyone else improperly accessed the information.

The database was separate from the hospital's network.

"Although we have not identified any instances of identity theft relating to this situation, we nevertheless recognize that this can be a concern for individuals whose data may have been subject to unauthorized access," Dale Witte, CAMC Marketing and Public Affairs said. "We are accordingly offering all of the patients whose data was potentially exposed a full year of credit monitoring at our cost, through one of the three national credit bureaus, Equifax."

The Attorney General's Office tells WSAZ.com there is no time limit in West Virginia to notify victims, but his agency waited to notify the public because information was cached by Google. That means someone could still access the information. The Attorney General wanted to get all of the information off before going public with the information.

According to the Attorney General, the site had 94 hits until the problem was found. Most of the hits were authorized, but McGraw says some were troubling, including two hits from out of the country.

The Attorney General says there is concerned that criminals may try to use the information.

The security breach affects patients with pulmonary issues, mostly seniors, according to the Attorney General's Office.

CAMC will send patients a notification package, detailing what they need to do. The hospital is also offering to pay for the patients to apply a security freeze at all three national credit bureaus, to block any unauthorized persons from taking out new credit in their name, according to a news release.

Patients who believe they may be affected by this incident can call 855-388-6699 on weekdays from 8:00 a.m. until 5:00 p.m.

"We recognize that the confidence of our patients and the community may be shaken because of the action of our vendor and we are deeply sorry for that," Witte said. "Please be assured that we have worked around the clock with assistance from external privacy and security advisors to evaluate and address this situation, and taken actions to ensure appropriate safeguards will be put in place throughout our organization to protect the personal data that we collect and hold about our patients and other individuals."

According to a news release, Attorney General Darrell McGraw will discuss how the breach affects the personal information of more than 3,600 local residents on Wednesday.

During the news conference, the Attorney General is expected to give details about the breach and steps that the hospital will take to resolve it.

A spokesperson with the Attorney General's Office tells WSAZ.com no other information will be released until the news conference on Wednesday. the news conference is set for 10:00 a.m. at the West Virginia State Capitol.

Keep clicking on WSAZ.com for the very latest information.