- Renovations Underway at Auto Auction Park
- Purdue Names Agronomy Head
- Reiner Film to Premiere in Indianapolis
- Northwest Indiana Projects to Receive Funding
- Southwest Indiana Coalition Secures 35 Grants in 2010
- Charter Schools Name Leaders
- [UPDATED] [VIDEO] Anderson Poised For Colts Return
- American Eagle Adding New JFK-Indy Service
- Lilly Could be Eyeing Copenhagen Company
updated: 7/25/2007 12:17:32 PM
[UPDATED] St. Vincent Patients' Personal Information Made Available Online
St. Vincent Indianapolis Hospital says it has notified 51,000 patients that a security lapse by one of its subcontractors allowed the patients' personal information to be accessed online. St. Vincent Spokesman Johnny Smith says it has no confirmation that any of the affected patients had their information accessed, retrieved or compromised.
Source: Inside INdiana Business
FrontPg.jpg)
Smith says the lapse in security took place this spring. Smith talks about how the incident occurred.
The hospital has established a call center and encourages patients who received the letter to contact CSIdentity at 1-877-274-7401.
Press Release
INDIANAPOLIS – St.Vincent Indianapolis Hospital officials have informed a select number of patients that their personal information was accessible on the Internet following a subcontractor’s security lapse.
The faith-based institution mailed letters to inform patients that their names, addresses and Social Security numbers were briefly unprotected on an Internet search. No confidential medical information was available, and St.Vincent has no confirmation indicating if any patients’ personal information was accessed, retrieved or compromised in any way.
St.Vincent had subcontracted with Verus, Inc., a Washington-based patient accounts firm, to implement a system that allows patients access to pay their health care bills online. While testing the system, a Verus technician incorrectly made a change to Verus’ Internet server, which left St.Vincent test data vulnerable to Internet searches. The subcontractor’s mishap also affected patients treated at other hospitals throughout the country.
Since the subcontractor’s lapse, St.Vincent confirmed that the security of the information was restored and implemented additional safeguards to further protect the information. The 126-year-old health care provider also terminated its business relationship with Verus, and partnered with CSIdentity Corporation to provide the affected pediatric and adult patients with one free year of CSIdentity Protector™ service and a free Credit Report.
“We are committed to protecting the privacy of our patients, and deeply regret any inconveniences caused by this subcontractor’s security lapse,” said Susann Stephenson, RN, JD, patient safety officer of St.Vincent Hospital. “It is our obligation to inform patients of this situation, and provide them with the necessary resources to ensure protection of their personal information.”
St.Vincent is encouraging patients who receive a letter to sign up for the CSIdentity service by visiting www.csidentity.com/stvincent. The hospital also established a call center and encourages patients who receive the letter to contact CSIdentity at 1-877-274-7401.
“Once informed of the subcontractor’s security lapse, we took immediate actions to restore all of the affected patients’ data, and implemented processes to assist our patients,” said Stephenson. “We will continue to routinely screen and monitor our subcontractor relationships to ensure that patient information is protected.”
Source: St. Vincent Indianapolis Hospital
