Breach Caused By Hard Drive TheftKentucky hospital notifies nearly 5,500
On April 1, the Kentucky hospital discovered that the device had been stolen from its mammography suite. The hard drive contained information on patients who underwent bone density testing between 1997 and 2009. Information included name, date of birth, address, medical record number and physician name. For some patients, Social Security numbers and certain health information also was included.
The hospital notified local police as well as federal regulators as required by the HITECH Act's breach notification rule. In its letter to patients, it advised them to monitor credit and bank accounts and obtain a credit report.
As a result of the incident, the hospital said, "We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was stolen. Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing non-encrypted data."