Insider Breach Exposes Flowers Hospital Laboratory Data

Alabama’s Flowers Hospital recently began notifying an undisclosed number of patients that their personal information may have been stolen by a former employee (h/t Becker’s Hospital CIO).

“Flowers Hospital’s laboratory processes lab tests submitted to us by your health care provider,” hospital privacy officer Patti Hatcher explained in the notification letter [PDF]. “Unfortunately, we discovered on February 26, 2014, that an employee in our laboratory was taking lab forms containing patient personal information, and that he may have attempted to use that information to file fraudulent tax returns.”

The employee was fired and arrested, and the hospital is cooperating with law enforcement as it investigates the crime.

The hospital’s own internal investigation determined that the files, which were stolen sometime between June 2013 and February 2014, included patients’ names, addresses, birthdates, Social Security numbers, and health plan policy numbers. The files also listed the names of lab tests that had been ordered, and sometimes showed the diagnosis.

All those affected are being offered one free year of access to Experian’s ProtectMyID Elite service.

“Please be assured that we have taken steps to prevent this from happening again,” Hatcher wrote. “Although the lab forms were in a locked area to which only employees had access, we have now moved the lab forms to a supervisor’s office that is locked when unattended and is not open to anyone other than the supervisor.”

Patients with questions are advised to contact (855) 417-2616.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles