February 24, 2011

NYC hospital system breach affects 1.7 million

The New York City Health and Hospitals Corp. (HHC), the city's municipal hospital system, has begun notifying 1.7 million individuals about the theft of electronic record files that contained their personal information.

What type of personal information? Full names, addresses, Social Security numbers, medical record numbers, health insurance information, diagnosis and treatment data, telephone numbers, mothers' maiden names and birth, admission and discharge dates.

What happened? The computer backup tapes were stolen on Dec. 23 from the truck of HHC's record management services vendor, GRM Information Management Services, while being transported to a secure location. At the time of the crime, the truck was parked on the street in Manhattan while the driver was making a pickup from another GRM customer.

The stolen backup tapes contain 20 years of information about patients, staff, contractors, vendors and anyone else who was treated by or provided services at HHC's North Bronx Healthcare Network hospitals and clinics. This consists of Jacobi Medical Center, North Central Bronx Hospital, along with two other community health care centers: the Health Center at Tremont and the Health Center at Gun Hill

Details: Only those with specialized knowledge and access to the right software and hardware would be able to view the information on the stolen tapes. There is currently no evidence that any of the stolen data was accessed.

Quote: “We apologize for the concern this incident may cause you and assure you steps are being taken to ensure that a similar incident does not recur, including the encryption of all future backup tapes,” William Nash, network senior vice president at North Bronx Healthcare Network, said in the notification letter.

What was the response? Upon discovery of the theft, the New York City Police Department was notified and launched an investigation. The stolen tapes have not been found, and police have no suspects.

HHC has fired GRM and has filed a lawsuit to cover the costs of the breach, according to reports.  

Affected individuals have been notified and offered one year of free credit monitoring and fraud resolution services. HHS also set up a phone hotline at (877) 412-7148 to answer any questions about the incident.

Source: New York City Health and Hospitals Corp., “Data Theft Notification to Jacobi Medical Center and North Central Bronx Hospital Patients, Staff, Contractors, Vendors, and Others," Feb. 9, 2011.

Previous Post
Next Post
Related Articles
Related Topics
close

Next Article in The Data Breach Blog

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.