One compromised database contained the names, addresses, Social Security numbers and birth dates of patients and parents. An investigation into the matter has found no evidence that any of the information was exposed, according to a hospital statement.
The second breached database contained the financial information - including unencrypted bank account and routing numbers - of hospital donors.
The patient and family database contained the personal information of about 230,000, while the other database contained that of 12,000 donors, according to press reports.
The breach was discovered Sept. 6. The hospital did not notify law enforcement authorities until more than a month later, however, because it employed a consulting firm to investigate.
The investigation found no evidence that the information was downloaded or compromised, but the opportunity to view the data existed, according to the hospital.
"We wanted to understand the full scope of the situation before we notified people. So as soon as we identified the unauthorised entries, we contacted a computer security consulting firm, to begin a forensic investigation to determine the extent of the breach," read a statement form the hospital. "In addition, we needed to consult with the appropriate authorities so we knew exactly what steps we needed to take. We also began the process of establishing an information line and website to help answer questions related to this situation."
Click here to email Frank Washkuch Jr.