Network Security, Security Strategy, Plan, Budget

Seventeen years worth of Emory patient data missing

Emory Healthcare in Atlanta lost the personal information of surgery patients treated at its three hospitals when 10 backup discs went missing.

How many victims? 315,000 patients treated from September 1990 to April 2007.

What type of personal information? Names, Social Security numbers (on 228,000 patients), surgery dates, diagnoses, and other information about the procedures, such as whom performed them and what types of devices were used.

What happened? The discs went missing from a storage area at Emory University Hospital. An investigation concluded that the discs were removed at some point between Feb. 7 and 20.

What was the response? Victims are being notified by letter and will receive free identity protection services. In addition, the health care system has launched an investigation that will seek to "reinforce and clarify" current security and privacy policies.

Details: The data contained in the discs, covering patients at Emory University Hospital, Emory University Hospital Midtown and The Emory Clinic Ambulatory Surgery Center, has not been accessed by physicians since 2010. There is no indication that any of the missing information has been misused.

Quote: "We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information," said John Fox, president and CEO of Emory Healthcare.

Source:, news release, "Emory Healthcare notifies individuals regarding missing data," April 18, 2012.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.