Patient Information Exposed In Hospital Security Lapse

Jul 24, 2007


INDIANAPOLIS -- A security lapse at St. Vincent Hospital in Indianapolis compromised the names, addresses and Social Security numbers of about 51,000 patients.

St. Vincent notified patients by mail last week that personal information had been exposed, 6News' Cheryl Jackson reported.

Mark, who didn't want his last name revealed, talked with 6News about the lapse, which left his personal information and that of thousands more unprotected on the Internet.

"I would hope a reputable company like St. Vincent would have learned from other people's mistakes," Mark said.

St. Vincent officials said the problem happened when they subcontracted Verus Inc. to set up a program that would allow patients to pay bills online.

"The Verus technician made a change to the Internet server, which left some of our patient information online, unprotected," said Johnny Smith, a spokesman for St. Vincent.

Hospital officials said the information was left unprotected for a "brief time," but said it is possible that no one accessed it.

"We have no way of knowing if the information was compromised, accessed or retrieved in any way," Smith said.

The hospital will pay for a year a credit monitoring for each patient whose personal information was exposed.

"We took the proactive steps to help our customers by providing them with the necessary resources to make it through this inconvenient time," Smith said.

"They said it happened last week, and I got this letter on Friday," Mark said. "So, I think they have been proactive."

Smith said the hospital is no longer working with Verus. He said that anyone who needs further help in relation to the situation to call or come to the hospital.

main page ATTRITION feedback