Privacy Daily is a service of Warren Communications News.

Health Care System Data Breach May Have Exposed Personal Information of 437,000 Patients

Health care system Ascension on Thursday notified more than 437,000 patients that their demographic information may have been exposed during a data breach that was discovered in December.

Sign up for a free preview to unlock the rest of this article

Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.

In a letter, the company said it learned of a potential security incident on Dec. 5 related to one of its business partners.

After an investigation, which ended Jan. 21, Ascension determined it accidentally disclosed certain personal information to a former business partner, which was likely stolen from that person because of a vulnerability in third-party software. Ascension didn't indicate when the information was stolen.

The investigation found compromised personal information including addresses, phone numbers, race, gender and Social Security numbers. Additionally, information related to inpatient visits, including physician names, diagnoses, billing codes, medical record numbers and insurance company names were affected.

Ascension is offering two years of complimentary identity monitoring services and said it “regret[s] any inconvenience" the breach may have caused. Following the incident, Ascension said it has “since reviewed [its] processes and [is] working to implement enhanced measures to prevent similar incidents from occurring in the future.”