A hospital said Friday that one of its employees may have stolen records containing the names, phone numbers and, in some cases, social security numbers of as many as 40,000 patients.
The scope of the theft at New York-Presbyterian Hospital/Weill Cornell Medical Center in Manhattan was uncovered by a federal investigation and an internal audit, the hospital said.
None of the stolen data contained private medical information, and hospital spokeswoman Myrna Manners said the hospital was not aware of any instance where a patient had become a victim of a financial fraud or some other scam because of the data thefts.
But a law enforcement investigation is under way and Manners said there is evidence the theft was linked to a "larger criminal enterprise."
"We're taking this very seriously," she said. "We deeply regret that this has occurred." The hospital is contacting all 40,000 patients, setting up a hot line for people with questions and offering credit monitoring services for patients worried about possible financial crimes.
New York-Presbyterian has also formed a task force to examine hospital procedures and prevent future data thefts.
The hospital declined to reveal much else about the thefts Friday. Manners said that, due to the ongoing investigation, she couldn't disclose who stole the data or how the thefts occurred. She said the records involved patients treated in the past two years.
A spokeswoman for the U.S. Attorney's office in Manhattan, which would likely oversee any major federal law enforcement investigation focusing on the hospital, declined to comment.