« Bird flu hopes from 1918 victims
CTV.ca | Harper announces fourth byelection »

Another data breach: 1200 patients’ hospital records missing

http://www.sott.net/…

Liz Austin Peterson
Houston Chronicle
Thu, 07 Aug 2008 18:20 EDT

Employee put info of 1,200 people onto a device and now cannot find it

Many of the medical and financial records stored on a flash drive that has gone missing from the Harris County Hospital District belonged to patients with HIV or AIDS, Harris County Judge Ed Emmett said today.

About 1,200 patients were affected by the security breach, the hospital district said in a brief statement issued Wednesday.

Hospital District spokesman Bryan McLeod refused to answer follow-up questions about the missing data on Wednesday night and said he could not confirm or deny reports that the information mostly belonged to patients with the immune disorders.

McLeod had no immediate comment on Emmett’s remarks this morning.

Emmett, who was briefed on the problem Thursday morning, described the breach as “the worst possible thing” imaginable. The data stored on the drive included “total files,” he said, ranging from names, birth dates and Social Security numbers to medical diagnoses and treatments.

“It was just a major screw-up by an employee,” Emmett said, adding that the worker reported the loss to superiors.

The employee loaded the information onto the flash drive to work on a project at home a couple weeks ago and never saw it again, Emmett said. The device may not have even left district property, he added.

“I think everybody’s hope is that the flash drive fell in a trash can and is in a landfill somewhere now,” he said.

However, the information was not password protected or encrypted, he said.

The employee has not been fired because hospital district officials fear it would dissuade other workers from admitting similar mistakes, Emmett said.

But he called on the district to send a strong message that violating security and privacy policies will not be tolerated.

“I think some violations are so severe that you don’t have any choice,” he said. “Termination just would have to be an option.”

Patients whose information was on the device will be contacted by mail later this week and will be able to enroll in an identity theft protection program at the district’s expense, according to the statement McLeod issued Wednesday.

The district has strengthened its policies and procedures regarding the use of transportable media devices, according to the statement.

August 18th, 2008 | Tags: , , | Category: Uncategorized | Subscribe to comments | Leave a comment | Trackback URL

Leave a Reply

You must be logged in to post a comment.

If you're not angry, you're not paying attention.

Original work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License. All other material is posted under Fair Use. Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site.

Google Search

Goodies for me:

If you like this blog, please consider buying me a cup of coffee :D

Quote

Those who suppress freedom always do so in the name of law and order…John V. Lindsay

Recent Posts

Tags

Archives

 

December 2008
M T W T F S S
« Nov    
1234567
891011121314
15161718192021
22232425262728
293031  

RSS Hello Beautiful

RSS Gallery

Admin