Hospital warns of possible data leak

July 24, 2008

By Jason Hidalgo

http://www.rgj.com/apps/pbcs.dll/article?AID=/20080724/NEWS10/807240352/1321/NEWS



Saint Mary's Regional Medical Center sent warning letters this month to about 128,000 patients and clients after a possible intrusion into a proprietary databases. Advertisement

The database, used for Saint Mary's health education classes and wellness programs, contained personal information such as names and addresses, limited health information and some Social Security numbers. The database did not contain medical records or credit card information, said Gary Aldax, marketing manager for Saint Mary's.

"What happened was that an unauthorized person may have accessed the database," Aldax said. "We're currently working with Equifax, which is one of the three major credit agencies, to help handle this for us.

"In some cases, there were people who had their Social Security numbers (in the database) as well, so we're sending different letters to people depending on their situation."

The potential breach was discovered in April 28. Saint Mary's officials said they immediately shut down the database and launched an investigation. The delay in notifications occurred because the database had to be reconstructed, Aldax said.

Investigators have found no evidence that identity theft or fraud has occurred, he said. But since they cannot be certain, letters were sent informing clients and patients who might be affected by a breach.

Eighty-year-old Wilma Sheldon of Reno thought the letter she received -- dated July 15 -- was a scam when she first read it. Sheldon said she became especially suspicious after she found out her daughter got a letter, too.

The last time her daughter had anything to do with Saint Mary's occurred when she got her tonsils removed about 40 years ago, Sheldon said. The letter has Sheldon seething.

"I threw (the letter) in the waste basket, but then I started to think about it," Sheldon said. "Now I'm just really mad. We're supposed to have this privacy act and all, and that sure sounds like a bunch of baloney now. I think it's awful."

To allay fears, Saint Mary's is offering free credit monitoring for one year to people whose Social Security numbers were in the database. Other patients and clients can place a fraud alert on their accounts at no charge.

To prevent another potential breach, safeguards have been added to the database, said Mike Uboldi, Saint Mary's president and chief executive officer in a news release.

"Our first concern is for the continued privacy and well-being of our patients and customers."


main page ATTRITION feedback