Any consumer that had dealings with South Shore Hospital in Weymouth, Massachusetts, in the last 14 years should be aware that they are at risk for identity theft.
According to a report in the Boston Globe, the hospital sent out computers containing data in an obsolete format to be destroyed by a third-party contractor in February, but recently learned that some of those files have gone missing. The hospital said that personal and medical information for 800,000 patients, doctors, volunteers, employees, donors and business partners that had dealings with it between January 1, 1996 and January 6 of this year were included in the lost data.
The Globe said the missing data included names, addresses, phone numbers, dates of birth, Social Security numbers, driver's license numbers, and other personal information. People that were patients at the hospital may have also had their medical record numbers, patient numbers, health plan information, dates of service, diagnoses, and treatments exposed.
The hospital told the paper that an independent information security consulting firm has determined that any potential hackers would need special software, hardware and technical knowledge to open and read the files. There is no indication that the information on the files has been used improperly at this point, the hospital said.
The Globe said that South Shore shipped backup computer files to a contractor for destruction on February 26, but never got notification that the files had been destroyed. It finally learned that only a portion of the shipped material had been received on June 17. In keeping with Massachusetts law, the hospital will notify every person whose information may have been breached of the potential identity theft risk by mail in the near future. Companies are also required to notify the state attorney general's office when they know or suspect that personal information data for consumers has been breached.
Any consumer that had dealings with the hospital since 1996 should be aware of the potential threat to their financial well-being. It is important that they contact all three credit bureaus to put fraud alerts on their credit reports, and carefully monitor their credit card statements for any charges they don't recall making. In addition, since the data has been missing for about five months, they should check their credit reports to ensure that no new accounts have been opened.