GLENS FALLS — The names and Social Security numbers of Glens Falls Hospital employees who had not received flu shots were released in an internal email to staff, according to a letter from management obtained by The Post-Star.
An employee who did not wish to be identified who had her information disclosed said that hospital management offered the employees one year of LifeLock identity theft protection free of charge because of the mistake.
Hospital officials said that the management group received an email from the Center for Occupational Health, regarding the influenza immunization status of employees. A report was attached to the email, which included employee names and their Social Security numbers, according to a copy of the Dec. 1 letter to staff obtained by The Post-Star.
The letter said that the hospital’s information services team worked with Microsoft to delete most of the emails from the Outlook email system. Also, recipients of the email have been instructed to delete any remaining emails and not disclose, copy or distribute them.
“We apologize for any inconvenience that this has caused. Glens Falls Hospital understands the importance of protecting its employees’ personal identification, including Social Security numbers, and will continue to maintain procedures and safeguards to protect this information,” wrote Colleen Susko, chief risk and compliance officer, in the letter.
When contacted for comment, hospital spokesman Katelyn Cinzio provided the following statement:
“There was a situation where employees’ personal information was released internally and we handled it immediately. Safeguarding personal information is our highest priority. We have communicated directly with affected employees on the ways in which we have addressed this to ensure continued protection of personal information,” she wrote.
Hospital officials did not return messages seeking further comment.
This is not the first time that the hospital has had an issue with data security.
In 2013, the medical records of more than 2,300 hospital patients were stored for more than four months on an unsecure computer server.
The hospital also had a dispute with employees about flu shots in 2009, after the state required that all health care workers receive flu vaccinations. Two nurses at the hospital spoke out against the requirement, stating that they wanted the right to refuse medicine they did not need. They suggested alternatives, such as wearing masks.