More than 100,000 affected by data breach at research hospital
Boys Town National Research Hospital, in Omaha, Nebraska, announced July 20 that it had discovered a data security incident that may have affected the personal health information (PHI) of 105,309 individuals.
In its notice, Boys Town stated it became aware of unusual activity relating to an employee’s email account May 23. Following an investigation, the hospital determined that an unknown individual had access to the email account and confirmed that patient PHI may have been accessible because of the incident. The PHI that may have been accessible includes the following:
- Names
- Dates of birth
- Social Security numbers
- Diagnosis or treatment information
- Medicare or Medicaid identification numbers
- Medical record numbers
- Billing/claims information
- Health insurance information
- Disability codes
- Birth or marriage certificate information
- Employer identification numbers
- Driver's license numbers
- Passport information
- Banking or financial account numbers
- Usernames and passwords
Boys Town stated it has not received any reports of misuse of the information but is notifying the patients who may have been affected and offering one year of free identity protection services. The hospital also set up a hotline to respond to questions and concerns that affected individuals may have about the incident.