Breach, Data Security

Unencrypted thumb drive containing patient data stolen from Duke University Health System


Duke University Health System (DUHS) is notifying an undisclosed number of patients that their personal information was on an unencrypted thumb drive that was stolen from an administrative office on July 1.

How many victims? Undisclosed. DUHS did not respond to requests for information. 

What type of personal information? Names, medical record numbers, physicians' names, and, in some instances, the names of certain Duke University Hospital locations visited.  

What happened? Spreadsheets containing patient data were stored on an unencrypted thumb drive that was stolen from a DUHS administrative office.

What was the response? DUHS is notifying all impacted patients. DUHS is enhancing encryption processes, and furthering staff education on the use of encryption and the importance of handling patient data securely.

Details: The theft occurred on July 1 and DUHS learned of it that same day. Affected patients were treated in the Duke Children's Health Center and Lenox Baker Children's Hospital between December 2013 and June 2014. The thumb drive has not been recovered.

Quote: “We have no reason to believe that the information on the thumb drive has been used in any way,” according to the notification posted to the DUHS website.

Source:, “Notice to patients regarding stolen thumb drive,” Aug. 29, 2014.

UPDATE: Responding to an email request for the number of impacted patients, a DUHS spokesperson told on Friday that all information available on the incident is in the notification posted to the DUHS website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.