The University of Texas MD Anderson Cancer Center recently announced that patient data may have been exposed on July 13 when a trainee lost an unencrypted USB drive on an employee shuttle bus. Data on the drive, which has not been recovered, included patient names, dates of birth, medical record numbers and diagnoses, and treatment and research information.
"Anderson spokeswoman Julie Penne said the unencrypted device ... did not contain patients' Social Security numbers or financial information," writes The Houston Chronicle's Allan Turner. "After an intensive but futile search for the lost USB thumb drive, cancer center technicians began re-creating the lost data and determining which patients had been affected. That task has taken more than a month, Penne said."
"M.D. Anderson on Friday began mailing letters to approximately 2,200 patients whose information was on the drive," writes The Houston Business Journal's Olivia Pulsinelli. "The cancer center said it does not believe the information has been or will be accessed improperly."
"In June, M.D. Anderson announced that a laptop containing data on more than 30,000 patients was stolen from a faculty member's home sometime between April 30 and May 1," notes FierceHealthIT's Dan Bowman. "Medical information for 10,000 patients was compromised, and names and Social Security numbers also were among the information stolen."
"The university says that it’s going to start giving out encrypted USB drives to employees and plans on reinforcing patient data safety practices," writes EHR Intelligence's Patrick Ouellette. "Of course, Anderson also said back on June 28 that it 'takes this incident very seriously and is committed to protecting patient privacy' while offering the same promises to improve data security. Letting unencrypted USB devices float around among trainees is not the best way to follow through with those plans."