Personal information for thousands of Bon Secours patients left online

Posted at 1:02 PM, Aug 12, 2016

RICHMOND, Va. -- Bon Secours Health System is alerting more than 650,000 patients after personal information was left unsecured on the internet. Data left exposed included patient names, health insurer’s names, health insurance identification numbers, social security numbers, and clinical information.

Bon Secours operates St. Mary's Hospital in Henrico, Memorial Regional Medical Center in Mechanicsville, Richmond Community Hospital in Richmond, St. Francis Medical Center in Midlothian, and Rappahannock General Hospital in Kilmarnock. Around 437,000 of the 650,000 impacted patients are in Bon Secours Virginia, which includes both Bon Secours Richmond Health System and Bon Secours Hampton Roads Health System.

The data was available online when a company working for Bon Secours adjusted its network settings and "inadvertently left files containing patient information accessible on the internet," a Bon Secours spokesperson said. Bon Secours discovered the mistake in June and "immediately notified R-C Healthcare to secure the files."

"Bon Secours has no knowledge or indication of fraudulent activity resulting from R-C Healthcare’s oversight, but is making identity protection, credit monitoring and alert services available to affected patients for one year at no expense to the patient," the Bon Secours Health System spokesperson continued. "Medical records were not included, and Bon Secours has no knowledge that the information contained within the files has been misused in any way."

Bon Secours is sending letters to affected patients. More information is here.

"We take the privacy and security of our patients’ information very seriously and require our vendors to do the same," Richard Statuto, Bon Secours president and CEO, said in a statement. "In addition to notifying all those potentially involved and providing them with identity protection and credit monitoring, we are working with all of our vendors to reinforce our high standards and expectations regarding privacy and security of information."