Wilcox Memorial Hospital officials said they have not yet discovered any cases of identity theft connected to the disappearance of the Social Security numbers of 130,000 former and current Wilcox Memorial Hospital that were lost Oct. 5 when a tiny
Wilcox Memorial Hospital officials said they have not yet discovered any cases of identity theft connected to the disappearance of the Social Security numbers of 130,000 former and current Wilcox Memorial Hospital that were lost Oct. 5 when a tiny thumb drive, used for back-up data, disappeared.
They also still have no idea what happened to the thumb drive.
“Although our internal investigation and work with the Kaua’i Police Department has not turned up anything, it is important for everyone to know that there has been no indication that the storage drive or the information contained on it has been or will be used inappropriately,” said Lani Yukimura, public relations officer for Wilcox Health (Wilcox Memorial Hospital and Kauai Medical Clinic).
“We received several hundred phone calls, the majority of which are from people who are confused or unclear about what they should do,” she said.
“Since we have no indication that the missing information has been or will be used inappropriately, what we’re doing is encouraging callers to carefully review their personal and financial records and, more importantly, to become better educated on identity theft, which is now Hawai’i’s second-highest crime,” said Yukimura.
“We’ve been sharing information with callers from the best resource we could find. That is the Federal Trade Commission’s Web site, which does an excellent job in informing all consumers of what to watch for, and specific actions they can take,” said David Fox, Hawaii Pacific Health privacy officer.
Hawaii Pacific Health is the parent company of Wilcox Health.
The missing data refers only to hospital patients, and does not include medical information, but does include names, addresses, medical record numbers and, as mentioned, Social Security numbers.
The data file goes back 12 years, according to Yukimura, who added that letters have gone out to all 130,000 patients involved.
Hospital officials declined to say in which department the thumb drive was housed, and who were the last individuals to use it.
Yukimura said hospital employees will no longer use portable data for system emergencies, and have changed policies and procedures to improve internal security.
When asked if Wilcox officials had contacted officers with the Federal Bureau of Investigation, Department of Homeland Security and Medicaid, Yukimura said, “we checked with legal counsel, and are not aware of any Hawai’i state law that requires us to have reported the incident to any agencies or to our patients.
“We chose to do so because we felt patients would want to be made aware of the possibility that the information could possibly be misused.”
She said there was also no requirement to contact the FBI or other federal agencies such as Homeland Security or Medicaid, as this is not a situation where identity theft involving criminal activity has actually occurred.
“The FBI, for example, would become involved only if stolen property were to cross state lines (their involvement does not depend on where a person lives). The Kaua’i Police Department is investigating, and it is for them to determine whether other enforcement agencies need also be involved,” she said.
“We again sincerely apologize to our hospital patients for this incident. We want you to know that we continue to do everything we can to find the missing storage drive,” Yukimura said.
Fox encouraged everyone to learn more, and to always be vigilant, regarding their personal and financial information.
The FTC’s online section on identity theft is called Take Charge: Fighting Back Against Identity Theft (this section was formerly titled: “ID Theft: When Bad Things Happen to Your Good Name”).
It can be found at http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm.
Also, in regards to this type of incident happening at other businesses, here is a link that provides more background on the scope of how these types of incidences are on the rise: http://www.privacyrights.org/ar/ChronDataBreaches.htm.
Fox and Yukimura supplied the following information:
. “What should I do? You should check your bank account and credit-card accounts regularly to make sure that no unauthorized activity is taking place. You may also want to ask for your credit report from the three leading credit bureaus mentioned in the letter. There are also many other sources of information, some of which are listed on our Web site at www.wilcoxhealth.org.
. “What does it cost to get my report? By law, each of the nation’s three main credit bureaus are required to provide you with a free report, upon your request, once every 12 months. It also doesn’t cost anything to put a fraud alert on your account, but that is only good for 90 days. Credit bureaus also sell subscriptions for their services that provide reports on a more frequent basis.
. “Can I change my Social Security Number? What we understand is that the Social Security Administration will not change a person’s number unless actual fraud has been committed and, even then, will consider doing so only under certain circumstances. This incident, where there is no indication that fraudulent activity has or will occur, does not appear to provide sufficient cause for changing a person’s Social Security number.”
