Orlando-based Florida Hospital has informed patients that their personal information may have been exposed after two employees printed patient "facesheets" outside of their normal job duties.
These facesheets are summary cover sheets of patient medical records that contain patient names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information, physician names and diagnoses.
Florida Hospital learned of the incident May 2, 2014, but "because giving you notice could have impeded law enforcement's investigation, at their instruction, we were under a 'law enforcement hold' and unable to notify you until now," according to the statement.
The health system fired the employees and says it has "no evidence" the compromised information is being misused.
"Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information," according to the system's notification on its website.
More articles on data breaches:
Premera audit shows payer had known security vulnerabilities prior to cyberattack
After data breaches, states reform encryption laws
Sacred Heart Health System reports data breach affecting 14,000