WEYMOUTH, MA – South Shore Hospital in Weymouth, Mass., reported on Monday that back-up computer files containing personal, health and financial information for approximately 800,000 individuals may have been lost by a data management company that was hired to destroy them.

Officials at South Shore Hospital, a not-for-profit, regional provider of acute, outpatient, home health, and hospice care for Southeastern Massachusetts, said the files were being destroyed because the formatting was no longer compatible with what the hospital used.

According to the hospital, files were sent to a professional data management company for offsite destruction on Feb. 26. When certificates of destruction were not provided in a timely manner, officials said they pressed the data management company for an explanation and were finally informed on June 17 that only a portion of the files had been received and destroyed.

The hospital's investigation has revealed that the computer files contained personally identifiable information for patients who received medical services at South Shore Hospital – as well as employees, physicians, volunteers, donors, vendors and other business partners associated with the hospital – between Jan. 1, 1996, and Jan. 6, 2010.

The information on the files may include individuals' full names, addresses, phone numbers, dates of birth, Social Security numbers, driver's license numbers, medical record numbers, patient numbers, health plan information, dates of service, protected health information including diagnoses and treatments relating to certain hospital and home healthcare visits, and other personal information. Bank account information and credit card numbers for a very small subset of individuals also may have been on the back-up computer files, said officials.

South Shore's investigation has included working with the data management company and shippers to search for the missing files, taking steps to verify the scope and types of information contained in the back up computer files, and assessing the possibility that someone could access that information. According to officials, there is no evidence that information on the back-up computer files has been accessed by anyone. An independent information-security consulting firm has confirmed that specialized software, hardware, and technical knowledge and skill would be required to access and decipher information on the files.

South Shore Hospital has advised the Mass. Attorney General's office, the Mass. Department of Public Health, and the U.S. Department of Health and Human Services about this matter. The hospital has also ceased the offsite destruction of back-up computer files and is putting policies in place to ensure that a similar situation cannot occur. The investigation into the matter remains ongoing.

"I am deeply sorry that these files may have been lost," said Richard H. Aubut, South Shore Hospital president and chief executive officer. "Safeguarding confidentiality is fundamental to our mission of healing, caring and comforting. I recognize that this situation is unacceptable and would like to personally apologize to all those who have trusted us with their sensitive information."

Hospital officials said they are working to verify whose information may have been on the missing back-up computer files, and will send formal notification letters in the next several weeks.

Aubut said the hospital's investigation "will not end until all reasonable efforts have been exhausted."