Breach Involves Missing Flash Drive
Nearly 25,000 Louisville hospital patients notified
Our Lady of Peace Hospital reports that the flash drive, which was discovered to be missing April 1, included information on admitted patients dating back to 2002, including names, room numbers, insurance and admission and discharge dates. In addition the flash drive included information on patients assessed since 2009 but not admitted. This included patient name, date of assessment, date of birth and time the patient left the facility.
For both types of patients, the information did not include any information on diagnosis or treatment, Social Security number or contact information.
In the letter to patients, required under the HITECH Act's breach notification rule the hospital advised individuals to place fraud alerts on their credit reports and then monitor their credit ratings.
In a media statement, the hospital said it is:
- Re-educating staff about the appropriate way to handle patient information and protect electronic information;
- Adopting encryption for software and computers; and
- Taking appropriate disciplinary action against staff members involved.
