Data breach at Stephenville Medical and Surgical Clinic



STEPHENVILLE (June 2, 2017) – Stephenville Medical and Surgical Clinic released information to its patients this week informing them of a “data breach” within the company.

According to a release from the clinic, they were “involved in a data breach related to inadvertently emailing an archived list of patients to a single individual who was not a company official.”

Information released by SMSC stated the incident occurred on May 19, 2016, when an employee working in the Medical Records Department “mistakenly emailed a spreadsheet containing a list of former patients to an individual requesting a blank medical records form.”

Following an extensive investigation into the incident, the employee was terminated. SMSC also changed how information of patients is stored to prevent this from happening again in the future, according to a press representative for the clinic. The clinic did not return immediate phone calls, however, The Flash is working to contact a local official for more information.

The list contained personal information for a number of patients at the clinic including patients’ names, dates of birth, medical record numbers and (for some of the patients on the list) the last date visiting the clinic. According to the release, many of the patients on the list hadn’t been seen in years, some as many as nine years ago.

The individual who received the information opened the document, determined it wasn’t the information they had requested and contacted the clinic the next day. The clinic representative noted “the medical records numbers of the clinic are unique to SMSC and have no potential use except at SMSC.”

No financial information was included in the breach.

An independent investigation of the incident was done and it was concluded that recipient deleted the information from their computer and fully cooperated with the investigation. The clinic representative said the recipient “is a long-time patient and believed to be honest and trustworthy, therefore the clinic has no evidence that any of the data provided to the recipient has been or will be used or misappropriated.”

SMSC is currently working to contact all affected patients to explain what occurred and offer identity protection and restoration services. If you believe your information was distributed by SMSC, you can contact the clinic to learn more.

To Learn More

SMSC has established a dedicated-assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft. For the next 90 days, this assistance line can be reached at (888) 735-0505, Monday through Friday from 9 am to 9 pm EST.  

Identity Protection Tips

SMSC recommends potentially affected individuals check their credit reports and account statements regularly for suspicious activity.  SMSC also recommends potentially affected individuals consider enrolling in the complimentary identity protection services described in the letter.  


1 Trackback / Pingback

  1. Data breach at Stephenville Medical and Surgical Clinic - Blog - AI-powered Fraud Prevention for Ecommerce, Travel and Financial Enterprises |

Leave a Reply