More than 30,000 patients of BJC HealthCare may have had their personal data breached, the company announced Monday.
BJC HealthCare has notified 33,420 patients of a configuration error in a data server that made it possible for stored images of documents to be accessible via the internet from May 9 to Jan. 23.
The documents included scans of patients’ driver’s licenses, insurance cards and treatment documents collected from 2003 to 2009. Exposed data may have included addresses, dates of birth, Social Security numbers, driver’s license numbers, phone numbers and other private information.
BJC stated in a release that they do not have evidence any personal data was accessed, and the server has been reconfigured. BJC is offering patients free identity theft protection “out of an abundance of caution,” according to the release.
Anyone whose data was stored on the server has been mailed a letter explaining what occurred and how to enroll in the free identity theft protection. Questions may be directed to 844-416-6281.
BJC HealthCare includes 15 hospitals and multiple other health service organizations in Missouri and Illinois, including Alton Memorial Hospital, Memorial Hospital in Belleville and Shiloh, the Siteman Cancer Centers, BJC Hospice, St. Louis Children’s Hospital and Barnes-Jewish Hospital, among several others.