Backup discs containing personal and health information missing from Emroy Healthcare Data

April 22nd, 2012 by admin Leave a reply »
Emory Healthcare Logo

Emory Healthcare loses 10 backup disks containing sensitive patient data

How can healthcare companies be so negligent? There is so much sensitive data lying around in a healthcare company that there is simply no excuse but to preserve it well. Unfortunately most of data theft and data breach cases are related to hospital and the healthcare industry. The latest case just affirms the above!

News in brief:

According to Emory Healthcare, a company based in Atlanta, 10 backup disks containing data on 315,000 patients went missing from a hospital storage facility. These disks contained info about surgical patients treated between September 1990 and April 2007.

The news in detail:

The health care system provides clinical care as part of the Robert W. Woodruff Health Sciences Center of Emory University.

The data breach was reported on April 18. The 10 disks contained information on surgical patients treated between September 1990 and April 2007. The disks seem to have vanished from a storage location at Emory University Hospital.

The exact locations were Emory University Hospital Midtown and the Emory Clinic Ambulatory Surgery Center.

228,000 records included Social Security numbers.  Rest of the files had patient names, dates of surgery, diagnoses, procedure codes, names of surgeons and anesthesiologists that the patients had seen. The cabinet that contained these discs was not locked even though the office was locked and the hallway had restricted access.

The disks had old data in a software application that Emory had deactivated in 2007. According to the healthcare company, the hospital’s IT systems were not hacked into.

John T. Fox, president and CEO of Emory Healthcare’s statement

“We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information,” , said in a statement. “While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients’ information is safe.”

Ironical is the fact that Fox’s data could also have been hacked into as he underwent surgery during the same period!

What security measures are being implemented post theft?

Emroy’s letter to its patients says “We have taken immediate steps to fortify the protective measures that are already in place,” “New and enhanced data control measures have been implemented accordingly. Those affected by the theft will receive free identity protection services. In addition, the health care system is revamping its current security and privacy policy.

So far there is no evidence to show any of the missing data has been misused. The possibility that the discs could have been simply misplaced cannot be completely rules out at this point of time.

Prevent data theft with Alertsec encryption services

Alertsec is the leader in the field of hard disk encryption as a fully managed service. It provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way.

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.

Enhanced by Zemanta

Leave a Reply