Christus St. John Hospital Data Breach (2012)

Houston-based CHRISTUS St. John Hospital fell victim to unencrypted device theft in late September when a memory stick containing patient data was lost on the hospital campus. The hospital notified affected patients on Nov. 16 on its website after it learned about the breach on Sept. 25. However, it also told the New Hampshire Attorney General’s Office of the breach on Nov. 16 through its New York-based law firm Baker & Hostetler, as the firm reported that a New Hampshire resident’s information was on the lost device. The number of patients affected hasn’t been determined, but patient information included name, date of birth, Social Security number, health insurance information, diagnoses, and progress notes on patients in the St. John Sports Medicine Program from Jan. 1, 2011 to July 31, 2012.