BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

PA: Huge loss of patient data at Jefferson

From: security curmudgeon <jericho () attrition org>
Date: Thu, 29 Jul 2010 20:51:28 -0500 (CDT)

http://www.philly.com/philly/blogs/healthcare/Huge_loss_of_patient_data_at_Jefferson.html

Thursday, July 29, 2010
Huge loss of patient data at Jefferson

On Friday, Thomas Jefferson University Hospital in Philadelphia notified 
21,000 patients that a laptop computer containing their unencrypted 
personal data including names, birth dates, insurance information and 
social security numbers was stolen from an office at the hospital on June 
14.

The laptop was password-protected; Still, the data could be accessed since 
it was not encrypted as required by the hospital. Jefferson has written 
letters to each of the effected patients and hired Kroll Inc. to conduct 
an internal investigation and provide identify theft protection and 
ongoing monitoring.

Jefferson.s president and chief executive, Thomas J. Lewis, urged all the 
patients who get the letters from him to use the individual id codes and 
activate the identity theft protection by Kroll.

.As upsetting it is for me, I know it is even more upsetting for the 
people who have gone through it and I am really sorry that they have to 
deal with this,. Lewis said in an interview.

Since the computer was reported missing, Lewis said the hospital has 
engaged in a broad review of its policies and procedures to .try to make 
it fool-proof that this can.t happen again at Jefferson..

That involved fixing flaws in the system that enabled the data to be moved 
from the hospital.s computer system to the employee.s laptop. The employee 
violated hospital policy by copying the data, and would be subject to 
.appropriate action,. Lewis said.

He declined to go into specifics of the personnel action.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: