Sensitive Data Stolen From St. Mary's Hospital; Marshalls, TJ Maxx Operator


Critical customer data stolen from both St. Mary's Hospital of Leonardtown and national retail store operator TJX Companies, Inc. Md. Attorney General advises consumers to take steps to protect themselves.

LEONARDTOWN, Md. - A laptop computer containing sensitive patient information was stolen from the Emergency Care Center of St. Mary's Hospital in Leonardtown, Md. According to a letter sent out to certain customers of the hospital, "The computer contained identifying information including names, social security numbers and birthdates for many of our patients." The letter further states that "the laptop did not contain any patient health or financial information," even though it is commonly known that social security numbers are the key to anyone's financial information.

Even though the letter is dated Jan. 26, 2007, our source reports that they did not receive the letter until Feb. 7.

To help those whose information was on the compromised computer combat possible identity theft, the hospital says that they have enlisted a private data security firm. The service will essentially monitor credit reports from the three major credit reporting firms and watch for indications of identity theft. However, the letter makes no mention of any relief that the hospital plans to offer anyone who in fact falls prey to identity theft as a result of the computer theft. Identity theft can often require a tremendous number of hours over a long period of time in order to correct the damaged person's credit rating and financial affairs.

The hospital promises customers in their letter that they have taken steps to prevent any future problems: "New hospital policies have been established to prevent future incidents, and all employees are now required to review the proper procedures for handling sensitive electronic information. Additionally, the missing laptop has been locked out of all hospital systems."

The entire letter is reprinted at the bottom of this article.

In related news, the Maryland Attorney General also reported another case of theft of sensitive customer data from a large corporation which operates several nationwide chains, including Marshalls, TJ Maxx, HomeGoods, and A.J. Wright.

TJX Companies, Inc. recently announced that it had determined that information was stolen from its computer system that processes and stores information related to customer transactions. TJX reported that information regarding credit and debit card sales transactions in TJX's stores during the period from mid-May through December 2006, and during 2003, may have been accessed. Maryland consumers who shopped at one of these stores during these time periods and who used a credit card, debit card or a check to pay for goods, may be affected by the breach.

TJX has established a toll free customer help line. Callers from the United States may reach the help line at (866) 484-6978. TJX has also posted information on its web site at http://www.tjx.com.

Maryland Attorney General Doug Gansler advised all consumers, who believe they may be affected by potential identity theft, to consider taking the following precautionary steps:

1. Monitor your credit reports to look for any signs of fraudulent activity, such as new credit accounts opened that you did not request.

Under federal law, each of the nationwide consumer reporting companies – Equifax, Experian, and TransUnion – upon your request, must provide you with a free copy of your credit report once every 12 months. To obtain a free copy of your credit report under federal law, visit http://www.annualcreditreport.com, call 1-877-322-8228, or write to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. In addition to this federal right, a Maryland resident has the right to a second free annual copy of his or her credit report. To request a free credit report under state law, contact the credit reporting companies directly: Equifax, 800-685-1111, http://www.equifax.com; Experian, 888-397-3742, www.experian.com; TransUnion, 800-916-8800, http://www.transunion.com.

You can request your report from each of the three credit reporting companies at once, or you can only order one or two at a time. If you are concerned about identity theft, it could help to stagger your requests. For example, request one report from an agency this month, request another report from another agency next month, and request a third report from the remaining agency the following month. This may help you spot suspicious activity as soon as possible.

2. You may wish to put a fraud alert on your credit file, which will alert potential creditors to take additional precautions when reviewing applications for credit in your name.

You can request a fraud alert by calling any one of the three credit reporting agencies at their fraud department numbers below. The company you call is required to contact the other two so that they can put a fraud alert on their file too. Ask to add a victim’s statement to your report, such as, “My identifying information has been stolen. Contact me at [your telephone number] to verify all credit applications.” Fraud alerts are placed for at least 90 days.

Equifax: Report fraud: (800) 525-6285

Experian: Report fraud: (888) 397-3742

TransUnion: Report fraud: (800) 680-7289

You should keep in mind that placing a fraud alert will take more time for you to open new lines of credit and may prevent you from opening a new credit account at a store to make an immediate purchase. These inconveniences may be worthwhile if it prevents you from becoming a victim of identity theft.

3. Monitor your bank and credit account statements for any signs of unauthorized activity.

You should look for charges made to your credit card, or withdrawals from your bank account that you did not make. Other events that might indicate fraud include the following:

• Receiving credit cards that you did not apply for.

• Being denied credit, or being offered less favorable credit terms, like a high interest rate, for no apparent reason.

• Getting calls or letters from debt collectors or businesses about merchandise or services you did not buy.

If you do find fraudulent activity, you should immediately contact the fraud department of the bank, credit card or other company with whom an account has been fraudulently opened or tampered with. You should also contact the police to file a report. Follow the steps in the Maryland Attorney General’s pamphlet Identity Theft: What to Do If It Happens to You, which you can download by going to http://www.oag.state.md.us/consumer/idtheft.htm. The Federal Trade Commission’s Identity Theft website also has useful information and form letters that identity theft victims can use, including a fraud affidavit form accepted by many businesses: http://www.consumer.gov/idtheft.

Letter from St. Mary's Hospital to Customers

January 26, 2007

Administrators at St. Mary's Hospital recently learned that a laptop was taken from the Emergency Care Center. The computer contained identifying information including names, social security numbers and birthdates for many of our patients. It is important to note that the laptop did not contain any patient health or financial information.

At this point, appropriate law enforcement agencies have been notified, and St. Mary's Hospital is fully cooperating to expedite the investigation. Recognizing the urgent nature of this situation, our facility has taken strong measures to ensure that similar incidents do not occur in the future. Effective immediately, sensitive patient data will no longer be accessible on any portable electronic devices. Furthermore, we are reviewing applications to encrypt data on our laptop computers and implementing password access to provide additional safeguards.

New hospital policies have been established to prevent future incidents, and all employees are now required to review the proper procedures for handling sensitive electronic information. Additionally, the missing laptop has been locked out of all hospital systems.

While you do not need to take any action, there are steps you may take to protect yourself against possible identity theft. Be aware of any suspicious activity as well as phone calls, emails or other communication from individuals asking for your personal information or verification of it.

St. Mary's Hospital has retained National ID Recovery, LLC, an organization specializing in managing situations in which data may have been compromised. If you choose to participate, National ID Recovery will monitor your information for potential identity theft. To enroll in this free program, please call [phone number] to speak one-on-one with a trained paralegal. Included in the plan is fraud alert placement and reports from three major credit bureaus as well as monitoring throughout the coming year. National ID Recovery can enroll you in [proprietary service], a nationwide search to offer further protection and provide tri-merged credit reporting with daily fraud monitoring. There will be no costs for you to receive this service and protection.

We sincerely apologize for any concern this incident may cause you, but believe it is important for you to be fully informed of any potential risk, Again, we want to assure you that we have no evidence that your information has been misused, and we will keep you aware of any further developments.

Sincerely,

Christine R. Wray President & CEO

Featured Sponsor

Charles County Technology Council
CCTC is a cooperative alliance dedicated to the advancement of people, technology, and ideas, in Charles County.

Reader Comments

Featured Sponsor

Brinsfield Funeral Home, P.A.
The Golden Rule Funeral Home, serving all of Southern Maryland.

Need Legal Representation?

Five So. Maryland locations to serve you. Personal Injury, Criminal Defense, DUI Defense.

Follow SoMd HL News