Holy Cross Hospital Notifies Emergency Room Patients of Possible Data Breach
FT. LAUDERDALE (November 10, 2010) – Holy Cross Hospital announced today that it has begun sending letters to notify some of its hospital Emergency Room patients of a possible compromise of personal data from patient data sheets and to offer free credit monitoring services.
Holy Cross Hospital was informed by federal authorities that personal data from 38 Holy Cross Hospital patient data sheets had been recovered in a criminal investigation. Working in cooperation with the U.S. Attorneys Office and U.S. Postal Inspection Service since June, Holy Cross conducted a thorough internal investigation and eventually identified an employee as the source of the data theft. The individual’s employment at the Hospital was immediately terminated.
The investigation determined that this was not a compromise of the hospital’s computer systems or network security, but involved paper copies of patient data sheets. These sheets contained basic identifying information including names, addresses, dates of birth, Social Security numbers, and brief descriptions of initial diagnosis from the Emergency Room visits.
“We place the highest priority on protecting the privacy and security of our patients’ confidential personal information,” said Dr. Patrick Taylor, President and CEO of Holy Cross Hospital. “We expect all Holy Cross employees to reflect this institution’s strong values of caring and dedication to the welfare of our patients. For that reason we are outraged and saddened by this former employee’s violation of that trust placed in us by our patients. We pledge to continue our full cooperation with law enforcement officials and prosecutors to ensure the administration of just punishment to all of those connected with this reprehensible act.”
At this time the hospital believes as many as 1,500 patient data sheets of Emergency Room patients may have been compromised by this employee during the period of April 2009 to September 2010. Since it is impossible to determine the identities of all those possibly affected, the hospital is taking the extra precaution of notifying each patient that came through the Emergency Room during the period of time that the employee worked in the Emergency Room. Patients who received treatment in other hospital departments are not part of this notification and are not affected by this incident. The process of sending out the notification letters began this morning.
“While it may be impossible to absolutely prevent an employee from violating our values and policies for personal gain, we are determined to take all necessary steps to review and strengthen our administrative procedures to ensure that we are providing the highest level of data security possible,” said Dr. Taylor.
According to Dr. Taylor, the hospital has already made a procedural change that limits the amount of key personal data included in the type of documents involved in this incident. The hospital is also conducting a comprehensive review of its systems, policies and procedures to identify any other possible improvements.
In the letter that the affected patients will receive, Holy Cross Hospital is offering one year of free credit monitoring services from Experian to help them monitor against the possibility of identity theft and providing an information line to field patient inquiries (1-800-388-4301).
Additional information is available at www.holycrossIDprotect.com.
Source: Holy Cross Hospital