The computer contained names, social security numbers, addresses, and diagnostic information on 84,000 patients who were treated at the Saint Francis Broken Arrow outpatient facility prior to 2004, the facility said in a statement.
Saint Francis Health System notified the police when the breach was discovered and sent out notification letters to patients, as well as to employees who had information stored on the computer.
The hospital system said that it is offering an identity theft protection program for those affected by the breach. It stressed that the information was password protected and that it had not received any reports of misuse of the information as a result of the breach.
“The number of records stored on this equipment represents less than five percent of the total number of former patients in our data base”, the statement said.
The medical facility is instituting new information security measures as a result of the breach, including reviewing security processes at all remote information system rooms, improving security data storage technology, and hiring a third-party security company to assist in refining its data security program.
“We sincerely apologize for any inconvenience this has caused our patients and employees from Saint Francis Broken Arrow”, the statement added.