Cleveland hospital's unencrypted hard drive stolen, thousands affected

Share this article:

More than 7,100 patients who received care at University Hospitals of Cleveland are being notified that an unencrypted hard drive containing their data has been stolen.

How many victims? 7,170.

What type of personal information? Names, addresses, dates of birth, medical record numbers, insurance provider information and health information about specific patient treatment. Social Security numbers were compromised for 33 patients.

What happened? A thief stole the hard drive from the car of a third-party vendor working on upgrading the hospital's computer systems.

What was the response? University Hospitals has contacted law enforcement and opened an investigation into the theft. All patients are being notified by mail and the 33 who had their Social Security numbers exposed are being offered one free year of credit monitoring and identity theft protection services. The hospital is tightening its policies on use of technology by mandating that no devices be used unless encryption protection is active.

Details: University Hospitals was notified of the theft on Aug. 8.  

Quote: “There's no evidence that would lead us to believe that the thief knew what was on the hard drive or could even get into it,” Janice Guhl, a hospital spokeswoman, said. “We're trying to be very transparent because we want to make sure people are doing everything they can to protect themselves.”

Source:, 19 Action News, “University Hospitals possible security breach,” Nov. 4, 2013;, “UH notifies 7,100 patients of stolen hard drive with personal medical information,” Nov. 4, 2013.

Share this article:

Sign up to our newsletters


More in The Data Breach Blog

Laptop stolen from Self Regional Healthcare contained patient data

As least 500 patients of Self Regional Healthcare have been notified that their personal information was on a laptop stolen from a Self Regional facility.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.