California's Redwood Memorial Hospital this week began notifying 1,039 patients who had a specific test performed at the hospital between 2001 and 2013 that their personal information may have been exposed when an unencrypted thumb drive was lost (h/t PHIprivacy.net).
According to the hospital, on November 8, 2013, an employee discovered that the drive had been missing since November 6, 2013 from the hospital's Cardiopulmonary Services Department. It hasn't been recovered.
The information on the drive may have included patients' names, facility and address where services were rendered, report ID numbers, test indications, ages, heights, weights, test recording and analysis dates and times, and clinical summaries of test findings.
"The information had been intended to be maintained securely and used at the hospital," Redwood Memorial said in a statement. "Since discovering this situation, additional steps have been taken to ensure mobile devices have been secured within the hospital. Currently, Redwood Memorial Hospital and St. Joseph Hospital are working to review security policies and procedures relating to the use of mobile devices and will make changes where necessary to safeguard data."
Patients with questions are advised to contact (707) 269-3685.