Concord, Mass.-based Emerson Hospital sent letters to 6,314 patients alerting them of a May2018 cybersecurity attack that may have affected their information, according to the HIPAA Journal.
The security incident, which happened between May 9-17, was the result of a former MiraMed Global Services, a company that helps hospitals collect payments, who sent patient files to an unauthorized third party.
Information that may have been affected included names, addresses, Social Security numbers and insurance policy information. Specific health information found within patients' EHR was not compromised.
The MiraMed employee who sent the files has since been fired. It is unclear if the employee has been charged with theft since the company reported the incident to local law enforcement.
A spokesperson for the hospital downplayed the stolen information. "A detailed forensic investigation showed that the files were of such poor quality that a third-party did not find the data useful," the spokesperson said, according to the HIPAA Journal.
Regardless, the hospital is offering patients identity theft protection services.