NYC hospital system breach affects 1.7 million

Share this article:

The New York City Health and Hospitals Corp. (HHC), the city's municipal hospital system, has begun notifying 1.7 million individuals about the theft of electronic record files that contained their personal information.

What type of personal information? Full names, addresses, Social Security numbers, medical record numbers, health insurance information, diagnosis and treatment data, telephone numbers, mothers' maiden names and birth, admission and discharge dates.

What happened? The computer backup tapes were stolen on Dec. 23 from the truck of HHC's record management services vendor, GRM Information Management Services, while being transported to a secure location. At the time of the crime, the truck was parked on the street in Manhattan while the driver was making a pickup from another GRM customer.

The stolen backup tapes contain 20 years of information about patients, staff, contractors, vendors and anyone else who was treated by or provided services at HHC's North Bronx Healthcare Network hospitals and clinics. This consists of Jacobi Medical Center, North Central Bronx Hospital, along with two other community health care centers: the Health Center at Tremont and the Health Center at Gun Hill

Details: Only those with specialized knowledge and access to the right software and hardware would be able to view the information on the stolen tapes. There is currently no evidence that any of the stolen data was accessed.

Quote: “We apologize for the concern this incident may cause you and assure you steps are being taken to ensure that a similar incident does not recur, including the encryption of all future backup tapes,” William Nash, network senior vice president at North Bronx Healthcare Network, said in the notification letter.

What was the response? Upon discovery of the theft, the New York City Police Department was notified and launched an investigation. The stolen tapes have not been found, and police have no suspects.

HHC has fired GRM and has filed a lawsuit to cover the costs of the breach, according to reports.  

Affected individuals have been notified and offered one year of free credit monitoring and fraud resolution services. HHS also set up a phone hotline at (877) 412-7148 to answer any questions about the incident.

Source: New York City Health and Hospitals Corp., “Data Theft Notification to Jacobi Medical Center and North Central Bronx Hospital Patients, Staff, Contractors, Vendors, and Others," Feb. 9, 2011.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in The Data Breach Blog

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.