The floating papers contained billing information on five patients at the hospital, which is located in the Brighton section of Boston.
St. Elizabeth said that a vendor had taken boxes of billing information from a building that was set to be demolished and apparently disposed of the boxes in a Charlestown field, instead of shredding them, according to a report by the Boston Globe.
The hospital said that while only five patient billing records were recovered, they decided to inform the 6,831 patients who had billing information stored in the building about a possible data breach.
“St. Elizabeth’s Medical Center had hired certain trusted vendors to begin clearing out the building on Jan. 30, 2012. All materials containing either a patient name or personal information were supposed to have been shredded”, the hospital said in a statement obtained by the newspaper.
In addition to credit card numbers and security codes, the information stored in the building included patient names, hospital account numbers, and credit card expiration dates.