Breach Caused By Hard Drive Theft

Kentucky hospital notifies nearly 5,500
Breach Caused By Hard Drive Theft
The Medical Center at Bowling Green is notifying 5,418 patients of a breach resulting from the theft of an unencrypted portable hard drive stored in a locked area.

On April 1, the Kentucky hospital discovered that the device had been stolen from its mammography suite. The hard drive contained information on patients who underwent bone density testing between 1997 and 2009. Information included name, date of birth, address, medical record number and physician name. For some patients, Social Security numbers and certain health information also was included.

The hospital notified local police as well as federal regulators as required by the HITECH Act's breach notification rule. In its letter to patients, it advised them to monitor credit and bank accounts and obtain a credit report.

As a result of the incident, the hospital said, "We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was stolen. Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing non-encrypted data."

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.