- Image by Agathe B via Flickr
Hospitals in Kentucky witnessed severe data breach incidents which contained critical information about the patient records.
Missing Flash Drive
The first incident was report at Our Lady of Peace, a psychiatric hospital in Louisville. It was learnt that a flash drive which had information of 24,600 individuals went missing from the beginnning of April. Although, there was information posted on the website hospital did run a legal advertisement notifying the public in the Courier-Journal, which is the largest newspaper in Louisville. The advertisement was published recently in the newspaper on April 29.
We had recently mentioned the changes in regulations, where according to the new definitions in the HITECH Act organizations are required to disclose data breaches within 60 days of occurance. These reports are applicable for all incidents where 500 or more individuals are affected. Any incidents which are small can be reported on a yearly basis.
According to the hospital authorities, the stolen piece of flash drive contained the data of patients who had bone density testing done between 1997 and 2009. The patients data included their name, room number, insurer name, and admission and discharge dates. It did not include diagnoses or treatments, Social Security number, date of birth, telephone numbers or address.
Our Lady of Peace is reeducating employees on ways to protect patient information, implementing encryption technology and disciplining an undisclosed number of employees, according to a media statement.
Spokeswoman Barbara Mackovic said, “We very much regret that this situation occurred,”. “We apologize for any concerns that have been caused for our patients and their families.”
Case of Stolen Hard disk
In another incident, The Medical Center at Bowling Green, a 337-bed, full service, not-for-profit hospital has reported the loss of hard drive containing the data of 5,418 patients. The equipment had the data of patients who had bone density testing done between 1997 and 2009.
The information on the stolen device was unencrypted and it included each patient’s full name, date of birth, address, medical record number and physician name. There were some records for which information also included social security numbers, weight, height, and menopause age.
The hospital authorities quoted on a website, “We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was stolen,”. “Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing non-encrypted data.”
According to Dori Thomas, vice president of marketing and development for parent corporation Commonwealth Health Corp, ”The hospital has been working toward the goal of having all data encrypted, an initiative that started before the data breach“.
Once again, these incidents raise hard questions about the approch and sensitivity towards data/information security as adopted by private agencies, enterprises and government organizations.
About Alertsec
Businesses need to accept encryption as a key part of their data protection strategy. Do your company a favor and explore the benefits Alertsec Xpress can offer you.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=f28187f8-d0f0-46ea-82da-ee5518b32b7e)
I truly loved reading your blog. It was well written and easy to undertand. Unlike other blogs I have read. I also found it very interesting. Actually after reading, I had to go show the better half and she ejoyed it also!
I was rather thrilled to find this site.I wanted to thanks you for the benefit of this cyclopean read!! I once enjoying every little touch of it and I deliver you bookmarked to look into escape new gluttonize you post.