Breach Involves Missing Flash Drive

Nearly 25,000 Louisville hospital patients notified Howard Anderson (ismg_editor) • May 4, 2010

Breach Involves Missing Flash Drive

A psychiatric hospital in Louisville is notifying 24,600 patients about a breach involving the loss of an unencrypted flash drive.

Our Lady of Peace Hospital reports that the flash drive, which was discovered to be missing April 1, included information on admitted patients dating back to 2002, including names, room numbers, insurance and admission and discharge dates. In addition the flash drive included information on patients assessed since 2009 but not admitted. This included patient name, date of assessment, date of birth and time the patient left the facility.

For both types of patients, the information did not include any information on diagnosis or treatment, Social Security number or contact information.

In the letter to patients, required under the HITECH Act's breach notification rule the hospital advised individuals to place fraud alerts on their credit reports and then monitor their credit ratings.

In a media statement, the hospital said it is:

Re-educating staff about the appropriate way to handle patient information and protect electronic information;
Adopting encryption for software and computers; and
Taking appropriate disciplinary action against staff members involved.

Previous
Feds Fund Secure Data Exchange Demos

Next
Fed CISOs Seek Fresh Grads

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

You might also be interested in …

Cisco Umbrella at a Glance

Cisco Umbrella at a Glance

7 Ways to Take Cybersecurity to New Levels

7 Ways to Take Cybersecurity to New Levels

Why Skybox Should be at the Heart of Your Cybersecurity Strategy

2020 Vulnerabilities and Threat Trends Report

The Fundamental Guide to Building a Better Security Operations Center (SOC)

The Fundamental Guide to Building a Better Security Operations Center (SOC)

Building a Collective Defense

Building a Collective Defense

The State Of Data Security And Privacy, 2020

The State Of Data Security And Privacy, 2020

CISO Coffee Talks: Board Focus

CISO Coffee Talks: Board Focus

CISO Coffee Talks: Impartial Experts

CISO Coffee Talks: Impartial Experts

Around the Network

Analysis: Why Regulators Got Tough With H&M

Analysis: Why Regulators Got Tough With H&M

Panel Discussion: Securing Digital Payments

Panel Discussion: Securing Digital Payments

As Telehealth Use Grows, So Do Security Concerns

As Telehealth Use Grows, So Do Security Concerns

Building a Ransomware Incident Response Plan

Building a Ransomware Incident Response Plan

Analysis: Ransomware Dominates the Cybercrime Landscape

Analysis: Ransomware Dominates the Cybercrime Landscape

Analysis: The Significance of Russian Hackers' Indictment

Analysis: The Significance of Russian Hackers' Indictment

The IRS Takes on Cryptocurrency-Funded Terrorists

The IRS Takes on Cryptocurrency-Funded Terrorists

Roger Severino, Lead HIPAA Enforcer, on Fighting Hackers

Roger Severino, Lead HIPAA Enforcer, on Fighting Hackers

Why Digital Identity Is Gaining Momentum

Why Digital Identity Is Gaining Momentum

Supply Chain Risk Management: Areas of Concern

Supply Chain Risk Management: Areas of Concern

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.