The University of Rochester Medical Center notifies hundreds of patients of a data breach

06 May 2013

A security alert from the University of Rochester Medical Center. Hundreds of former orthopedic patients have had their personal information compromised.

The hospital says a resident physician misplaced a computer flash drive that had the information on it. The breach happened in March. Since then, the hospital has had to retrace its steps and send letters out to make sure everyone is notified.

Teri D’Agostino, URMC Director of Communications, said, “537 patients affected. We had a resident physician who was doing a study, looking at patients over the last ten years or so and he had included information on a flash drive, a portable flash drive that didn’t happen to be encrypted. It was against the rules and he didn’t realize that. He misplaced it and the last time he can remember it was in the pocket of his scrubs at the surgical center. We are quite sure it was put into the laundry and destroyed. We’ve sent letters to everyone and we’ve directed them back to the medical center to talk to us  and we can assure them that the information that was included did not include their home address, their social security number or any kind of insurance information. But the information that was on the flash drive was the patient’s name, age, their physician, the type of procedure that they had, their gender, their weight, information like that.”

The hospital says the resident physician has been counseled and the hospital has made some changes.Doctors are encouraged to access patient health information through the normal system because it has protections built- in. If they absolutely need to use a flash drive, it should be encrypted and require a pin number and pass code, otherwise, the information is scrambled. And D’Agostino says there are going to be annual reviews with staff to go over procedures.

Article sourced from: