Lost piece of thumb drive contained thousands of patient records

[Erica Absetz <erica () riskbasedsecurity com>]

http://journalstar.com/news/local/lost-piece-of-thumb-drive-contained-thousands-of-patient-records/article_d3d422ab-ea6b-55f4-aa51-0bb1c4532337.html

They emptied vacuum cleaner bags. Scoured the office. Nothing.

Somehow, somewhere, sometime in May, a computer chip containing
medical records for more than 2,000 of a Lincoln doctor's patients
went missing — likely having slipped from the thumb drive Dr. James
Fosnaugh wore on a lanyard around his neck.

Fosnaugh's office, Wedgewood Legacy Medical at 8055 O St., said no
Social Security numbers or financial or insurance information was
lost.

But a news release from Wedgewood — required under the Health
Insurance Portability and Accountability Act when a medical provider
experiences a breach of privacy — said patients’ full names, birth
dates, home addresses, phone numbers and, in some cases, names of
family members were listed in the lost records.

Fosnaugh's office sent letters to the 2,125 patients with information
on the drive. It also contacted the federal government.

"Although we believe that it is highly unlikely that this computer
chip has or will be found by someone who can extract the information
from it, we cannot be 100 percent sure, thus we need to timely notify
our patients of this event," the news release said.

Fosnaugh used the thumb drive to review medical records, especially
when he was seeing patients in the hospital, the release said.

The office has since stopped storing patient information on portable
devices, it said.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.