MidState Medical Center, located in Meriden, Conn., has reported missing a hard drive containing the personal information of tens of thousands of hospital patients.
How many victims? 93,500.
What type of personal information? Names, addresses, dates of birth, Social Security numbers and medical record numbers.
What happened? An employee of MidState's sister facility, Hartford Hospital, violated company policy by transferring patients' sensitive data to a personal hard drive to work from home.
Details: The drive was discovered missing on Feb. 15 and the employee has since been dismissed. The hospital does not believe that any information on patient diagnosis or treatment was compromised.There is currently no evidence that the information has been misused.
What was the response? After discovering the breach, the hospital launched an investigation and reported the incident to law enforcement. Affected individuals are being notified and offered two years of identity protection services. In addition, MidState Medical Center and other affiliated facilities are reviewing their policies and taking unspecified steps to prevent a recurrence.
Sources: MidState Medical Center, “Important Notice to Patients Regarding Misplaced Personal Information,” April 5, 2011.
The Hartford Courant, “Hospital Records Breach Involves 93,500 Patients,” April 5, 2011.