BJC HealthCare in St. Louis said Dec. 18 that malware on its website may have exposed credit card information from 5,850 individuals, the St. Louis Business Journal reports.
The health system's internal investigation into the incident found that malicious software had enabled an unauthorized user to electronically collect payment information entered into its online payment portal from Oct. 25 through Nov. 8. No Social Security numbers or medical data were compromised, but patients' names, dates of birth and billing account numbers may have been stolen.
"BJC has no indication to date that any information was actually misused," BJC officials told the St. Louis Business Journal. "As a precaution, individuals whose payment information may have been exposed are advised to carefully review credit card and bank statements and immediately contact their credit card holder or banking institution about any inconsistencies or suspicious activity."
BJC has implemented additional security procedures to prevent similar incidents going forward.