Log in

Posts Tagged ‘Hospital’

University of Tennessee Medical Center alerts 8,000 patients data not disposed properly

December 7th, 2010

: Tennessee in United States Map

According to a Knox News report, officials from the University of Tennessee Medical Center in Knoxville, Tenn. are notifying approximately 8,000 patients that the facility did not properly dispose of hospital reports containing private information, posing potential risk of a privacy data breach.

Also in August 2005, a computer was stolen from UT Medical Center’s West Knoxville billing office which contained names and other information of 3,800 people who received treatment at the hospital in 2003.

Officers View on This Data Breach

UT Medical Center spokesman Jim Ragonese said on Friday that “based on an internal investigation there is no reason to believe any patient information was disclosed, used or accessed inappropriately”. Ragonese said the hospital is sending potentially affected patient’s letters about the breach “out of an abundance of caution.” We are providing letter recipients with information about how to receive free credit reports and are creating a toll-free telephone line specifically to answer questions pertaining to this incident, Ragonese said.

According to Health Insurance Portability and Accountability Act Privacy Officer “Gary Thomas” for UT Medical Center, the hospital became aware on Oct. 4 that records were disposed of without being shredded. Thomas explained in his letter to affected patients that “a daily administrative report was automatically printed to a secure location inside the hospital.” Once printed, a hospital employee placed the report in a storage location within the department for later access. “Based upon departmental policy, the report was maintained for 45 days. The oldest report was discarded each day as a current report was added.

Officials of UT Medical Center said there is no reason to believe any patient information was disclosed, used or access inappropriately and patient-related information likely became unreadable during the hospital’s waste management process post-disposal. Thomas said the medical center immediately corrected the disposal process for the reports amid an extensive investigation into the issue. Thomas wrote to the patients that please be assured that we have taken numerous steps in an attempt to mitigate any potential harm to you, “As indicated previously, based on our investigation we do not believe any information was disclosed, used or accessed inappropriately.”

He added that all information was rendered unreadable during the hospital’s waste management process shortly after the disposal. Thomas said the hospital staff members involved in the incident has been “sanctioned” and employees are being retrained in proper procedures for document disposal. The hospital has corrected the disposal process and is taking extra measures to ensure the proper disposal of patient information, including retraining of employees and sanctions against involved hospital staff members, according to the report.

Thomas advises affected patients to:

Get a copy of their credit reports and look for signs of fraud and immediately report any unusual activity, continue to monitor their mail and credit reports and look for signs of identity theft and contact one of the three major credit bureaus to place a fraud alert on their credit report if warranted. UT Medical Center also advises the patients to contact it beginning Dec. 1 with any questions. The hospital’s toll-free number, 877-394-0517, will be active on Dec. 1 8 a.m.-11 p.m.

How Alertsec Xpress Would Have Helped:

In an incident which highlights the need of a data security and recovery software, the threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

University of Tennessee Medical Center data not disposed properly (knoxnews.com)
UT Medical Center alerting patients to possible privacy breach (knoxnews.com)
Joint venture helps those who need home infusion services (knoxnews.com)

No comments »

Posted in data breach

Tags: Gary Thomas Health Insurance Portability and Accountability Act Hospital Patient Tennessee Toll-free telephone number University of Tennessee West Knoxville

Holy Cross Hospital Suffers Data Breach

November 16th, 2010

: Holy Cross Image by reallyboring via Flickr

Hospitals are susceptible to data breaches and the latest incident at Holy Cross Hospital verifies and substantiates the claim. The massive data breach has resulted in loss of information of over 1500 patients and these were patients who had visited the emergency room of the hospital.

The information included:

Patients’ names
Addresses
Social Security numbers and other personal details

According to the news reports in Sun Sentinel newspaper, this information was leaked by an employee called Natashi Orr. She worked at the hospital from April 2009 until September 2010 and was later on fired after an investigation carried over a 3 month period by federal agents. The team carrying out their investigation was unable to determine the exact number of patients beyond the preliminary number of 1500. Technicians discovered that 36 year old Orr had printed critical patient information in files.

The breach came to light when postal inspectors were able to recover the paper based personal records of 38 patients. This activity was traced to find out the 1,500 files accessed by Orr.

As a prevention measure, the Holy Cross had sent notification to all the 44,000 patients who visited the emergency room during the affected period. According to the hospital chief executive Patrick Taylor, the notification ensured that there was no misuse of the information. Patients are also being provided free credit monitoring services by the hospital.

According to Taylor, “While it may be impossible to absolutely prevent an employee from violating our values and policies for personal gain, we are determined to take all necessary steps to review and strengthen our administrative procedures to ensure that we are providing the highest level of data security possible”.

Also the newspaper has mentioned that this incident is the second of its kind at the South Florida Hospital. In-fact 3 years back, an employee who was working at the Weston based Cleveland Clinic was also arrested for the theft of personal details of over 1130 patients. Post theft, this data was used on fraud medical bills. In-turn the data was also sold to a Naples based medical firm which had raised $8 million from all the fraud Medicare claims.

If you have suffered from the breach incident you can call the hotline at 800-388-4301. Also the cops have arrested people with charges at mail, wire and bank fraud — carry penalties up to 20 years in prison per count, with up to 10 additional years for each count of disclosing individual health information.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Explorys Expands its Network to Four Major Health Care Providers (prweb.com)
Communication gaps between doctors and hospitalized patients (doctorrw.blogspot.com)
Data Spills Cost U.S. Hospitals $6 Billion A Year (blogs.forbes.com)
Data Breaches Cost Hospitals Billions (pochp.wordpress.com)

1 comment »

Posted in AlertSec Xpress, Computer security, data breach

Tags: Cleveland Clinic data breach data security Health informatics Holy Cross Hospital Hospital Medicare Naples Social Security number United States

Patient Information stolen from Hospital

August 24th, 2010

Laptop

In two separate incidents, laptops containing patient information were stolen from University of Kentucky hospital, UK and from Cook County Health and Hospital.

Record of 2027 patients was stolen from the UK hospital between June 18 and June 21. The security breach has prompted the hospital authorities to issue a notification to the affected people. The information included patient names, dates of birth, diagnoses, mothers’ names and, in some cases, Social Security numbers of mothers in the Newborn Screening Program.

The stolen laptop was stored in a locked private office and was not having any computer protection software installed. The theft has been reported to the police and the investigation is going on.

Meanwhile, in another incident at Cook County Health and Hospital, a laptop was stolen on June 1 but it was reported only recently because of an ongoing internal investigation. The computer contained personal information of 7,000 Cook County health system patients.

Though, the investigation has determined the computer to be password protected, still the information within it may have been deleted. However, due to the uncertainty, officials have been reportedly notifying patients that their information may have been compromised. Guererro, meanwhile, says that he hasn’t seen evidence that any of the information has been accessed or distributed.

How Alertsec Xpress Would Have Helped

If you use a laptop encryption software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Takeover of Cook County Health (chicagoist.com)
‘Crook’ County’s ‘country club’ hospital Pouring Money Down thre Drain (chicagoraysrants.com)
Cook County Government Denies American Dream To Taxpayer (chicagonow.com)

1 comment »

Posted in laptop encryption, laptop theft

Tags: Cook County Illinois cookcounty Hospital Illinois security Social Security number United States University of Kentucky

Major Data Breach at Louisville hospital

June 23rd, 2010

: Jewish Hospital, Louisville

A Jewish hospital in Louisville is under severe fire with a damaging lawsuit filed against them for affecting a major data breach. As per the news reported in 3wave.com, a flash drive which contained the medical records information of more than 24,000 patients was mysteriously misplaced from the Our Lady of Peace Hospital. To make matters worse, one of the patients who is on the list is suing Our Lady of Peace and its parent, Jewish Hospital.

As per the new rules in the HITECH Act orgniazation are require to make disclosures within 60 days for breach incidents which involve more tha 500.

While the flash drive had disappeared on April 1, the hospital ran a legal advertisement notifying the public in Louisville’s largest newspaper, Courier-Journal on April 29 .

The flash drive contained unencrypted data of all patients admitted and patients assessed from 2002 till 2009. The patients data included name, room number, insurer name, and admission and discharge dates. What it didn’t have is information on treatments, Social Security number, date of birth, telephone numbers or address.

The patient’s attorney Ken Henry filed the lawsuit in Jefferson County which accuses the hospital of invading privacy, causing emotional stress and major negligence. The attorney wants Jewish hospital to pay for credit monitoring services for five years. In addition, patients are seriously upset over public leakage of their diseases. Apparently, the hospital treats the patients for sensitive diseases and obviously none of the patients is happy at the exposure of confidential information.

Barbara Mackovic, a spokeperson of the Jewish Hospital said,

“Patient confidentiality is sacred to us and our patients. We have taken this breach seriously, and we regret and apologize for any concern this has caused our patients and their families.

As we explained immediately to the people affected, as soon as we discovered the breach, we launched a full-scale investigation and took steps to prevent future breaches.

The news of data breach at a premier hospital is not new as during the last couple of months, many reports of data leaks have emerged across several hospitals in the United States. Last month we had analyzed a data breach incident at Cincinnati Children’s Hospital. It is time for hospitals to reviews their policies, procedures and implement the right computer security software which prevent damages even incases of theft and leaks.

No comments »

Posted in Data Protection, data breach

Tags: Facilities Health Hospital Jewish Hospital Louisville Medical record Medicine United States

Data Breach at San Bernardino Community Hospital

June 15th, 2010

: Image via Wikipedia

The Community hospital of San Bernardino has been reprimanded with a fine of $325,000 for violating confidential patient data in a major data breach incident. Apparently, the fine was imposed on the hospital because there was unauthorized access of the medical information of 204 patients by an employee. Initiialy, the fine was calculated at a value of $250000.

However, another $750000 was added when a separate case involving the unauthorized access of medical records of 3 more patients was found out.

Diane E. Nitta the hospital administrator said that hospital has,”enhanced staff education efforts around patient privacy (and) put in place expensive security measures that guard against inappropriate access to our patients’ records.”

According to the official spokeswoman of the hospital, Tobey Robertson none of the information was used to harm the patients.

How did these incidents happen?

In the first case, a radiology technician had obtained access to computerized medical records of 204 patients without a clinical need for the information.
In the second incident, a clerk had let a friend enter a restricted area, where the person heard confidential patient information given by three patients during the admitting process.

Apparently, the Department of Public Health has fined 5 authorities for data breach and the hospital is one of them.

Frequent incidents like these highlight the structured use of computer security software and data encryption software which ensures the protection of data and prevents loss of information incase of theft and losses.

Stay Secure with Alertsec Xpress

Why do data breach incidents happen in the first place? Perhaps your organization didn’t take the requisite steps or there was some level of negligence with the handling of data.

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.