Cleveland hospital's unencrypted hard drive stolen, thousands affected

Share this article:

More than 7,100 patients who received care at University Hospitals of Cleveland are being notified that an unencrypted hard drive containing their data has been stolen.

How many victims? 7,170.

What type of personal information? Names, addresses, dates of birth, medical record numbers, insurance provider information and health information about specific patient treatment. Social Security numbers were compromised for 33 patients.

What happened? A thief stole the hard drive from the car of a third-party vendor working on upgrading the hospital's computer systems.

What was the response? University Hospitals has contacted law enforcement and opened an investigation into the theft. All patients are being notified by mail and the 33 who had their Social Security numbers exposed are being offered one free year of credit monitoring and identity theft protection services. The hospital is tightening its policies on use of technology by mandating that no devices be used unless encryption protection is active.

Details: University Hospitals was notified of the theft on Aug. 8.  

Quote: “There's no evidence that would lead us to believe that the thief knew what was on the hard drive or could even get into it,” Janice Guhl, a hospital spokeswoman, said. “We're trying to be very transparent because we want to make sure people are doing everything they can to protect themselves.”

Source: 19actionnews.com, 19 Action News, “University Hospitals possible security breach,” Nov. 4, 2013; cleveland.com, “UH notifies 7,100 patients of stolen hard drive with personal medical information,” Nov. 4, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.