April 20, 2012

Seventeen years worth of Emory patient data missing

Emory Healthcare in Atlanta lost the personal information of surgery patients treated at its three hospitals when 10 backup discs went missing.

How many victims? 315,000 patients treated from September 1990 to April 2007.

What type of personal information? Names, Social Security numbers (on 228,000 patients), surgery dates, diagnoses, and other information about the procedures, such as whom performed them and what types of devices were used.

What happened? The discs went missing from a storage area at Emory University Hospital. An investigation concluded that the discs were removed at some point between Feb. 7 and 20.

What was the response? Victims are being notified by letter and will receive free identity protection services. In addition, the health care system has launched an investigation that will seek to "reinforce and clarify" current security and privacy policies.

Details: The data contained in the discs, covering patients at Emory University Hospital, Emory University Hospital Midtown and The Emory Clinic Ambulatory Surgery Center, has not been accessed by physicians since 2010. There is no indication that any of the missing information has been misused.

Quote: "We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information," said John Fox, president and CEO of Emory Healthcare.

Source: emory.edu, news release, "Emory Healthcare notifies individuals regarding missing data," April 18, 2012.

Previous Post
Next Post
Related Articles
Related Topics
Related Links
close

Next Article in The Data Breach Blog

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.