A security breach has been discovered in an online scheduling application used two years ago to register more than 4,000 Children’s Mercy Hospital employees and spouses for a wellness program.
The breach, which occurred in the last few months, included names, home and email addresses, phone numbers and dates of birth, according to a statement by StayWell Health Management, which provided the program. Financial and health information and Social Security numbers were not breached, the company said.
“We do not believe that affected individuals are at risk for identity theft, and we do not believe individuals need to take action due to the non-sensitive nature of the information,” Melissa Gilkerson, a StayWell spokeswoman, said in a statement.
According to StayWell, the information was collected in 2012 from Children’s Mercy employees and their spouses or domestic partners who registered online for a health-screening appointment. The data was stored by Onsite Health Diagnostics, a vendor used by StayWell. When Onsite became aware of the breach, it immediately removed data from the affected system, StayWell said.
StayWell has contacted the 4,076 people affected by the breach and provided them with the number to a telephone helpline. So far, the helpline has received about 23 calls.