Jefferson Hospitals' President and CEO Thomas J. Lewis tells Action News he was in "disbelief" when he learned 21,000 patients had their personal information stolen. Now, the hospital is trying to mitigate the impact.
Former patient Paul Smith was treated for a blood clot in 2008. This past Monday, he got an urgent letter from Thomas Jefferson University Hospital.
He learned his personal information including his birth date, social security number, and insurance information had been stolen.
"I was baffled, I couldn't believe it. I actually had one of my friends read it," Smith said.
The hospital says an employee broke company protocol when he downloaded the information of 21,000 patients to his personal laptop.
Last month, the laptop was stolen from a hospital office.
The data was not encrypted.
Smith wants to know, "What happened? Why was my data being stored on a personal computer?"
One woman who spoke with Action News also received the letter, but she did not want to her identity revealed.
"This is a lot of information, personal information, my insurance information, my medical records, my husband's social security is at risk because of the medical coverage," she said.
She has since filed a police report and hired a lawyer.
"I trust this hospital, the doctors there are great, and for something this serious to happen to 21,000 people is just ridiculous," she said.
Ironically, the hospital says the employee involved in the breach was researching quality care improvements when the information was compromised.
All of the patients affected were inpatients from March 9th to June 1st and August 1st to November 1st of 2008.
Police are handling the investigation.
The hospital has since hired Kroll Incorporated, a consulting company that specializes in identity theft solutions, to deal with the potential impact.
"I can't believe this is happening in a hospital that's a university hospital, a trauma center, and these people let it happen," Smith said.
The hospital would not say if the employee has been fired, but that appropriate action has been taken. The hospital says so far it appears no one has had their identity stolen.
Anyone who believes they've been victimized is urged to call Kroll Incorporated at 1-877-309-0186 for more information (9 a.m. to 6 p.m. Eastern Time, Monday – Friday).