Data transmission

Flash Drive and Data Exposure

May 4th, 2015

According to the reports, a lost flash drive containing “limited patient information” rendered a hospital to send out notification letters. As per the statement, Roper St. Francis Hospital mentioned that the flash drive did not contain Social Security numbers, dates of birth or financial information. Affected information includes patients’ names, ages, diagnoses, and dates of procedures.

After conducting a thorough investigation, hospital spokesperson stated that Roper St. Francis does not believe that the information was inappropriately accessed or used in a malicious way.

The story was covered by South Carolina news station, WCSC. It did not state how the flash drive went missing, or if Roper St. Francis was making efforts to adjust its physical, technical, or administrative safeguards.

As per the mail to the security news website-

“A USB flash drive for a computer that contained some patient information was inadvertently misplaced.” The lost flash drive contained information for about 375 patients including name, age, diagnosis, date of service, length of stay, procedure, outcome and provider name, according to the spokesperson. However, it was reiterated that the flash drive did not contain Social Security numbers, financial information, dates of birth, addresses, or insurance information. 

“There is no evidence or reason to believe that the information has been improperly accessed, acquired, or misused in any way,” the spokesman wrote in the email. “We are notifying individuals affected to let them know what we are doing to protect their patient information.”