St. Vincent Indianapolis Hospital announced that the personal data of about 51,000 patients, including names, addresses and Social Security numbers, were made publicly available on the Internet in the spring because of a security lapse by a subcontractor, the Indianapolis Star reports.
A technician from Verus, a subcontractor that was developing a medical billing Web site for the hospital, made a change to an Internet server that inadvertently made the patient data from a test site publicly available through Internet searches. A hospital spokesperson did not specify how long the information was available but said it was a brief period of time.
The patient data were removed from the Internet after the error was discovered. St. Vincent said it learned of the incident this summer. The hospital noted that no confidential medical information was made available.
The hospital said that it mailed a letter to all of the affected patients last week and will offer one year of no-cost credit monitoring and a credit report to those who were affected.
"We have no confirmation that any patient's personal information was accessed, retrieved or compromised in any way," St. Vincent spokesperson Johnny Smith said. He added that the hospital has ended its relationship with Verus (Lee, Indianapolis Star, 7/25).