Cleveland hospital's unencrypted hard drive stolen, thousands affected

Share this article:

More than 7,100 patients who received care at University Hospitals of Cleveland are being notified that an unencrypted hard drive containing their data has been stolen.

How many victims? 7,170.

What type of personal information? Names, addresses, dates of birth, medical record numbers, insurance provider information and health information about specific patient treatment. Social Security numbers were compromised for 33 patients.

What happened? A thief stole the hard drive from the car of a third-party vendor working on upgrading the hospital's computer systems.

What was the response? University Hospitals has contacted law enforcement and opened an investigation into the theft. All patients are being notified by mail and the 33 who had their Social Security numbers exposed are being offered one free year of credit monitoring and identity theft protection services. The hospital is tightening its policies on use of technology by mandating that no devices be used unless encryption protection is active.

Details: University Hospitals was notified of the theft on Aug. 8.  

Quote: “There's no evidence that would lead us to believe that the thief knew what was on the hard drive or could even get into it,” Janice Guhl, a hospital spokeswoman, said. “We're trying to be very transparent because we want to make sure people are doing everything they can to protect themselves.”

Source: 19actionnews.com, 19 Action News, “University Hospitals possible security breach,” Nov. 4, 2013; cleveland.com, “UH notifies 7,100 patients of stolen hard drive with personal medical information,” Nov. 4, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Malware on Breyer Horses website for about 18 months, payment card data ...

Malware installed on the computer server hosting the Breyer Horses website may have compromised personal information for people who made purchases between March 31, 2013 and Oct. 6.

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.