WA: Social Security Numbers of 20,000 Swedish Med. Ctr. employees exposed on the web for 9 weeks
Carol M. Ostrom reports:
Swedish Medical Center is alerting nearly 20,000 current and former employees that their personal information — including Social Security numbers — was accidentally made accessible on the Internet for a nine-week period.
Read more on Seattle Times.
A notice to employees, on an internal page of the medical center’s web site reads:
July 20, 2011
Notice: Accidental Disclosure of Employee Data
SEATTLE, July 20, 2011 – Swedish today announced that it has begun notifying 19,799 current and former employees that some of their personal information was inadvertently made accessible from the Internet for a nine-week period between mid-April 2011 and June 17, 2011. The disclosed information included first and last names and Social Security numbers.
Affected individuals include some, but not all, employees who worked at Swedish during all or part of the following years: 1994, 1995, 2002, 2003, 2004 and 2006. It does not affect employees who worked for Swedish Physician Division during that time period.
There is no evidence that any data has been used for identity theft or other illicit purposes. In addition, the information is no longer accessible online, as it was immediately removed upon learning of the accidental disclosure. Swedish is taking measures to support the affected individuals, including engaging an experienced firm specializing in personal data security to assist the individuals at no charge.
Swedish has contracted with Kroll, Inc., the world’s leading risk consulting company, to provide affected individuals free access to its ID TheftSmart™ service via packets mailed to them. Swedish leaders are encouraging the affected individuals to be vigilant and to contact Kroll if they notice any unusual activity.
“We take our responsibility to protect employee information very seriously,” emphasizes Joanne Suffis, Swedish vice president of Human Resources. “This incident was highly unusual, and we sincerely apologize for any concern or inconvenience it may cause current and former staff members and their families.”
Swedish has not used Social Security numbers as the employee ID since 2004 and has policies on employee use of Swedish information systems and remote access. Additional staff education is being conducted and further measures are being deployed to help prevent future occurrences.
“While it may be impossible for any large organization to completely eliminate mistakes like this, we are taking all necessary steps to review and strengthen internal procedures to ensure Swedish provides the highest level of employee data security,” says Suffis.
Estimated delivery date of letters to affected individuals is between Friday, July 22 and Monday, July 25. Swedish has established a phone line through Kroll. Anyone with questions is welcome to call 1-855-294-2544. Thank you for your patience.