ST. PETER'S HEALTH PARTNERS Data Breach (2014)

St. Peter's Health Partners, the Albany, New York region's largest hospital system, is notifying 5,117 of its patients that some information about them was involved in a potential data breach after a manager's cellphone was stolen. The incident affected patients at St. Peter's Medical Associates P.C., one of the system's physician groups. The manager's cellphone had access to corporate email systems, but St. Peter's officials said they received no reports that patient information has been improperly used. The affected data included scheduling details, such as the patient name and date of birth, as well as the day, time and location of medical appointments, along with a general description of the reason for the appointment. The breach primarily involved data from August to November 2014. The emails did not include other medical records and personal identity information, such as financial accounts and Social Security numbers. Two patients' home addresses and phone numbers were included in the emails and they were notified previously. Hospital officials said they learned of the phone theft and potential breach on Nov. 24. They reported it to law enforcement and took other cyber security steps, such as remotely wiping data from the device and disconnecting it from the hospital system's corporate email system. The hospital system, which has about 12,500 employees total, and is the region's largest private-sector employer, announced today it has sent notifications to all 5,117 patients affected by the breach. "While at this time we believe the risk is low that the data on these individuals was accessed, we are committed to doing all we can to protect each and every one of them," Donald Martin, chief executive officer of SPHP Medical Associates, said. The stolen cellphone was password protected, but was not encrypted in accordance with St. Peter's Health Partners customary security procedures, according to the hospital system.