In June, Kaye-Smith, the health system’s billing services vendor, discovered the data breach, which occurred in late May.
On July 6, the vendor notified St. Luke’s Health System that the breach had compromised the protected health information of patients at its health system, including patient names, insured names, addresses, phone numbers, ID numbers, dates of birth, last five digits of Social Security numbers, descriptions of services, amounts billed, outstanding balances, payment due dates and status of the accounts.
Since the incident, the health system said it has stopped working with the vendor.
St. Luke’s said it also has found no evidence to indicate that the compromised information has been misused. The health system is notifying affected patients and offering free credit monitoring.
