ST. LOUIS – According to a press release on Monday, BJC HealthCare notified over 33,000 patients that a data server configuration error, discovered during an internal security scan, made it possible for stored images of identifying documents to be accessible through the Internet without the appropriate security controls during the time period of May 19, 2017, to Jan. 23.
Scanned documents on the data server included copies of patient driver’s licenses, insurance cards, and treatment-related documents that were collected during hospital visits spanning 2003 to 2009.
Patient information that was potentially accessible included name, address, telephone number, date of birth, Social Security number, driver’s license number, insurance information and treatment-related information.
The BJC investigation did not reveal that any personal data was accessed. Since the potential for access existed, BJC offered affected patients complimentary identity theft protection.
BJC has implemented additional information systems processes to prevent further errors of this nature in the future.
According to a press release, patients whose data was stored on the server have been mailed a letter explaining what occurred, how to enroll in identity theft protection as a precaution, and who to contact with any questions. Patient questions can be directed to 844-416-6281.
