ST. LOUIS — Some BJC HealthCare patients had their personal information exposed in a hacking incident involving several doctors’ email accounts, which lasted nearly a month.
The health care company said Friday that someone gained “unauthorized access” to a "small number" of email accounts belonging to BJC physicians and resident physicians. BJC did not specify exactly how many employees were affected. The emails were accessible from March 4 to 28.
BJC said an investigation into the incident is underway.
So far, they haven’t been able to determine whether any emails or attachments in the affected accounts were actually viewed by the person who gained access to them.
BJC officials have been looking through the emails to identify patients whose information was mentioned in the documents. Personal details may have included names, birthdays, medical record numbers, clinical information, health insurance information and Social Security numbers.
So far, BJC has identified these hospitals and service organizations as being affected by the incident:
- Alton Memorial Hospital
- Missouri Baptist Medical Center
- Barnes-Jewish Hospital
- Missouri Baptist Sullivan Hospital
- Barnes-Jewish St. Peters Hospital
- Parkland Health Center Farmington
- Barnes-Jewish West County Hospital
- Parkland Health Center Bonne Terre
- Christian Hospital
- Progress West Hospital
- Memorial Hospital
- St. Louis Children’s Hospital
“BJC has no evidence that patient information has been misused as a result of this incident,” the hospital stated in an emailed release Friday.
BJC has started mailing letters to patients whose information was vulnerable to the hack. Notices will continue to be sent out to additional patients as the health care provider’s investigation progresses.
All patients are urged to monitor statements from their health insurance companies to make sure they are not being charged for services they did not receive.
The hospital system set up a toll-free number where patients can ask questions. The number to call is 1-855-503-2933.
Free credit monitoring and identity protection services will be offered to patients whose Social Security or driver’s license numbers were identified in the email accounts.
“BJC is committed to protecting the confidentiality and security of patient information and regrets this incident and any concern or inconvenience it may cause,” the hospital said in the release. “To help prevent something like this from happening in the future, the accounts were secured and BJC is reinforcing education on how to identify and avoid suspicious emails.”