Thousands of Erlanger hospital employees. names and personal identifying information stored electronically disappeared from a locked office on Sept. 15, and employees are hearing about the loss in letters sent to their homes this weekend, hospital officials said.
"We did our own investigation of the incident," Erlanger officials said. "We needed to determine who was affected and who was not affected and what was on database. Within 24 hours of determining what the database was, we got the letters out."
According to the letters, sent Friday afternoon to about 4,150 current and former employees thought to be affected and about 2,050 current employees who were not, the names and accompanying personal information were stored on a USB storage device, also known as a "jump drive."
The database information was limited to names and Social Security numbers, Erlanger officials said.
Those people affected include anyone who went through what hospital administrators described as "status changes," such as hiring, termination, retirement or resignation, or changing titles or departments between November 2003 and September 2006.
Erlanger officials said an employee who was authorized to use the information was working with the data in a "secured area," and noticed on Sept. 15 that the device was missing.
It remains unclear whether the information was lost, misplaced, or was stolen. Erlanger officials said there was no sign of a break-in to the office where the employee was working.
"This guy was working on it ... it was on his desk, and then it was gone," Erlanger board Chairman Bob Johnson said. He said he thinks the storage device was thrown away accidentally.
"It should take care of itself," he said. "I don't think it was one of those situations where somebody was trying to steal identities."
He said his understanding was that the employee who had been working on the information told supervisors right away when he realized the device was missing.
Erlanger spokeswoman Nancy White said she could not identify the person or say whether the employee was disciplined in any way.
"This issue has allowed us to thoroughly examine every aspect of our information security program and implement ongoing safeguards immediately to ensure that this does not happen again," CEO Jim Brexler wrote in the letter sent to employees.
Erlanger officials said that although they don't know whether the information was stolen, they would do "whatever is necessary" to help employees protect their credit, including paying for credit monitoring or credit reports.