Breach, Threat Management, Data Security, Vulnerability Management

Cleveland hospital’s unencrypted hard drive stolen, thousands affected


More than 7,100 patients who received care at University Hospitals of Cleveland are being notified that an unencrypted hard drive containing their data has been stolen.

How many victims? 7,170.

What type of personal information? Names, addresses, dates of birth, medical record numbers, insurance provider information and health information about specific patient treatment. Social Security numbers were compromised for 33 patients.

What happened? A thief stole the hard drive from the car of a third-party vendor working on upgrading the hospital's computer systems.

What was the response? University Hospitals has contacted law enforcement and opened an investigation into the theft. All patients are being notified by mail and the 33 who had their Social Security numbers exposed are being offered one free year of credit monitoring and identity theft protection services. The hospital is tightening its policies on use of technology by mandating that no devices be used unless encryption protection is active.

Details: University Hospitals was notified of the theft on Aug. 8.  

Quote: “There's no evidence that would lead us to believe that the thief knew what was on the hard drive or could even get into it,” Janice Guhl, a hospital spokeswoman, said. “We're trying to be very transparent because we want to make sure people are doing everything they can to protect themselves.”

Source:, 19 Action News, “University Hospitals possible security breach,” Nov. 4, 2013;, “UH notifies 7,100 patients of stolen hard drive with personal medical information,” Nov. 4, 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.