Breach, Data Security

Penn State Hershey employee takes data home, puts 1,801 patients at risk

About 1,800 patients of Penn State Hershey Medical Center are being notified that their information had the potential to be compromised because a clinical laboratory technician had been working with the data from home, outside the secured Penn State Hershey system.

How many victims? 1,801. 

What type of personal information? Names, medical record numbers, names of lab tests, visit dates and test results.

What happened? Patient data had the potential to be compromised after a clinical laboratory technician took the information home, outside the secured Penn State Hershey system.

What was the response? Penn State Hershey conducted an internal investigation. The medical center is training employees on protecting patient information. All impacted individuals are being notified.

Details: Penn State Hershey learned of the incident on April 11. The information related to a test ordered by Penn State Hershey women's health or family medicine clinicians, as well as other medical practitioners in the community who used Penn State Hershey laboratories for testing, between Aug. 1, 2013 and March 26. The employee had been entering the data into a test log on a personal home computer, and additionally used a flash drive to transport the information home and a personal email account to send the updated test log to two Penn State Hershey physicians.

Quote: “Results of an extensive internal investigation give no indication that any unauthorized person actually viewed or accessed this protected health information as a result of the employee's activity,” according to the notification posted to the website.

Source:, “Penn State Hershey notifies patients of potential information breach,” June 6, 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.