Hospital Loses Unencrypted Compact Disk

Information Security does not have to just be computer security.  This is an example of a security incident that happened in my local area with patient information from a hospital.  Since hospitals use Social Security Numbers, Date Of Birth, Address, Drivers License Numbers, and  insurance information.  If information like this would get into the hands of the wrong person any of these people could be a victim of identity theft.  The disk was also sent unencrypted which is another issue considering anyone with a cd/dvd rom could read the files. The hospital has taken the appropriate steps to contact patients and to offer them services to help protect their identities and personal information.

(From Wayne Memorial Hospital) http://www.wmh.org
On December 3, 2012, we learned that an unencrypted CD containing patient information had gone missing. The CD was included in a package sent by certified mail to our government authorized Medicare Administrative Contractor. Our contractor received the package damaged and without the CD. Upon learning this, we immediately conducted a thorough investigation, including a diligent search for the CD with both the United States Post Office and the contractor. To date, we have been unable to locate the CD. We have confirmed that the CD contained patient names, account balances, and, in some instances, Medicare numbers. The CD did not contain any financial information (such as credit card and/or bank account number).

While we have no reason to believe the information on the CD has been accessed or used in any way, out of an abundance of caution, we began notifying affected individuals on January 18, 2013. We have established a dedicated call center to answer questions. We are also offering to eligible individuals one free year of credit monitoring service provided by Experian, one of the three major nationwide credit reporting companies. If you believe you are affected but do not receive a letter by February 8, 2013, please call 866-221-0150, Monday through Friday, between 9:00 a.m. and 7:00 p.m. Eastern Time.

We deeply regret any inconvenience this may cause you. The Hospital takes this incident very seriously and is reviewing its policies and procedures to ensure patient information is protected. The Hospital is committed to protecting all patient information and educating staff hospital-wide on the importance of maintaining the confidentiality of patient information entrusted to Wayne Memorial.