A security breach at BJC HealthCare left personal information on 33,420 patients potentially available to the public, a company spokeswoman said today.
The patients’ medical records, names, addresses, telephone numbers, dates of birth, Social Security numbers, drivers license numbers, medical and insurance information were accessible through the Internet from May 9, 2017, to Jan. 23, 2018, because of a “data server configuration error, discovered during an internal security scan,” said Kimberly Kitson, the company’s director of communications.
The documents came from hospital visits from 2003 to 2009. There is no indication that personal information was accessed or stolen by an outside party, Kitson said.
The patients were sent letters explaining the situation and offered free identity theft protection. The company improved its information systems after discovering the error.
Patients with questions are asked to call 844-416-6281.