Stevens Hospital Notifies Patients after Subcontractor's Computer Security Lapse Makes Identifying Information Accessible on Internet

June 4, 2007

Business Wire

Stevens Hospital is notifying patients that some patient names and other identifying information were accessible on the Internet following a lapse in a subcontractor.s computer security.

The records' privacy was restored after the hospital coordinated with the subcontractor and a search engine to block access to the information. No patient care, medical record or credit card information was involved, but the accessible information did include patients. names, addresses and Social Security numbers. Stevens believes that fewer than 550 patient records were affected, and those patients are being notified.

"Our patients. privacy is our highest concern, along with their health and well-being," said Mike Carter, the hospital's president and chief executive officer. "Once we learned of the situation, we took swift, strong action to restore the security of their personal information."

"We deeply value our relationship with our patients, and we regret any concerns or inconvenience this incident may cause them," he said.

The hospital has opened a hotline for patients to provide information on monitoring and protecting their personal information. The phone number is (425) 673-3745.

A web page also has been established with similar information. The web address is

Carter said the hospital is still investigating the incident, which occurred when one of Stevens. subcontractors had a lapse in its data security procedures. One of the subcontractor's computer servers was unsecured, permitting an Internet search engine to access the information.

The hospital made the announcement today to avoid calling attention to the patient information until it could be blocked and removed, Carter said. There is no indication that any information has been misused, he said.

main page ATTRITION feedback