Emory Notifies 315k of Missing Disks

228,000 Social Security Numbers on Backup Media
Emory Notifies 315k of Missing Disks

Emory Healthcare in Atlanta is offering 315,000 surgical patients one year's worth of free credit monitoring services after discovering that 10 backup disks containing patient information are missing.

See Also: OnDemand | Realities of Choosing a Response Provider

The information on the unencrypted disks, missing from a storage area at Emory University Hospital, includes Social Security numbers for 228,000 patients. Other information on the disks includes patient names; dates of surgery; diagnoses; procedure codes or names of surgical procedures; device implant information; and surgeon and anesthesiologist names.

Patients affected were treated at Emory University Hospital, Emory University Hospital Midtown or the Emory Clinic Ambulatory Surgery Center between September 1990 and April 2007.

Disks Removed in February

An investigation determined the disks were "removed" between Feb. 7 and Feb. 20, according to an Emory Healthcare statement. "They contained data files from an obsolete software system that was deactivated in 2007," the statement notes. "This deactivated system was accessed very infrequently and only as requested by either patients or their physicians. They last time they were accessed was in 2010."

Emory Healthcare has launched an initiative to "reinforce and clarify existing policies and procedures for safeguarding the security and privacy of sensitive information," the statement notes. "Emory is conducting a comprehensive inventory of all physical spaces across the system to ensure data are properly secured."

So far, Emory has no evidence that any personal information has been misused as a result of the incident, and an investigation of the potential data breach continues.


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.