Hospital Data Breach in Kentucky Affects Thousands
A flash drive storing patient names, birth dates, admission and discharge dates, as well as insurance information has gone missing from a Kentucky psychiatric hospital.
Officials at Our Lady Peace, a 278-bed psychiatric hospital in Louisville, Ky., are racing to notify more than 24,000 patients that a flash drive containing some of their most personal and important information has been missing for more than a month.
The wayward drive contained patient names, room numbers, dates of assessment, admission and discharge, as well as birth dates and insurance company names. The compromised data affects patients admitted to the hospital since 2002.
"We have taken this breach very seriously," hospital officials said in a statement. "Patient confidentiality is sacred to us and our patients."
At this juncture, Our Lady of Peace administrators are unsure how the device was lost or stolen, but did say the drive was first identified as missing on March 31 or April 1. The hospital initiated an investigation that included the review of security tapes, interviews with staff members and an analysis of computer usage activity.
Officials said they have taken "appropriate disciplinary action" following the investigation, but did not disclose any other details. Meanwhile, it started sending out notification letters to all affected patients and placed an ad in a local newspaper alerting the community to the breach.
Securing portable data devices continues to be a major point of emphasis for security vendors, including McAfee (NYSE: MFE) and Symantec (NASDAQ: SYMC).
As companies rely on more mobile devices and cloud-based application delivery models to keep their workforce connected, the degree of difficulty from a security perspective increases dramatically.
According to the Ponemon Institute, a security research group, more than 800,000 data-sensitive memory devices, such as USB drives, hard drives and laptops are either lost or stolen each year.