UPDATED: 1:40 p.m. ET
North Shore-Long Island Jewish Health System has sent letters to about 100 patients from its North Shore University Hospital who have been identified by law enforcement authorities as being victims of identity theft, the healthcare system has announced.
Details are limited "because we do not want to compromise the integrity of the investigation," according to a statement posted on the NSLIJ website
Thursday. The statement noted, however, that nearly 1,000 people throughout the Northeast have been victimized by what it described as an "identity-theft right that extends 'far beyond North Shore University Hospital.' "
"If you have not received a letter from the hospital, law enforcement authorities have not identified you as a victim of this incident and we have no reason to believe that you have been affected," the statement said. Meanwhile, the system is working with New York State Police and the Nassau County District Attorney's office in the investigation and is "taking aggressive steps to further safeguard the security protocols currently in place to protect patient information," according to the statement.
North Shore LIJHS spokesman Terry Lynam said the system first became aware of the breach about a year ago and began notifying patients last July following the arrest of an identity theft suspect possessing "face sheets" from the North Shore University Hospital.
The face sheets are patient information summaries created at admission for billing and care purposes. They list why the patient was seeking treatment as well as names, addresses, dates of birth, Social Security numbers and, if available, insurance information. There have been six such 'incidences" of arrests of one or more identity thieves involving 24 face sheets last year and 103 this year, Lynam said. Arrests were in Massachusetts, New York, New Jersey and Virginia, he said.
Financial fraud, not medical identity theft, so far appears to have been the goal in these breaches, Lynam said.
"From what our investigators were saying, the people who were found in possession of these face sheets were trying to apply for a credit card or to run up charges to the credit cards that were obtained fraudulently," he said. "There was no evidence of them charging up medical bills."
Also, this breach appears to involve only copying of paper records, he said.
"There was no hacking into databases," Lynam said.
Who copied the face sheets "is still a matter for investigation," Lynam said.