BreachExchange mailing list archives
Lost piece of thumb drive contained thousands of patient records
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Mon, 1 Jul 2013 10:19:37 -0500
http://journalstar.com/news/local/lost-piece-of-thumb-drive-contained-thousands-of-patient-records/article_d3d422ab-ea6b-55f4-aa51-0bb1c4532337.html They emptied vacuum cleaner bags. Scoured the office. Nothing. Somehow, somewhere, sometime in May, a computer chip containing medical records for more than 2,000 of a Lincoln doctor's patients went missing — likely having slipped from the thumb drive Dr. James Fosnaugh wore on a lanyard around his neck. Fosnaugh's office, Wedgewood Legacy Medical at 8055 O St., said no Social Security numbers or financial or insurance information was lost. But a news release from Wedgewood — required under the Health Insurance Portability and Accountability Act when a medical provider experiences a breach of privacy — said patients’ full names, birth dates, home addresses, phone numbers and, in some cases, names of family members were listed in the lost records. Fosnaugh's office sent letters to the 2,125 patients with information on the drive. It also contacted the federal government. "Although we believe that it is highly unlikely that this computer chip has or will be found by someone who can extract the information from it, we cannot be 100 percent sure, thus we need to timely notify our patients of this event," the news release said. Fosnaugh used the thumb drive to review medical records, especially when he was seeing patients in the hospital, the release said. The office has since stopped storing patient information on portable devices, it said. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Lost piece of thumb drive contained thousands of patient records Erica Absetz (Jul 01)