University of Michigan Health System Suffers Security Breach


The University of Michigan Health System (UMHS) recently acknowledged that approximately 4,000 patients' personal information may have been exposed when an unencrypted device was stolen from third-party vendor Omnicell.

"UMHS was notified Nov. 20 by Mountain View, Calif.-based medication management vendor Omnicell that an unsecured electronic device containing patient health information was stolen from an Omnicell employee's car on Nov. 14, according to a UMHS press release," writes Healthcare IT News' Erin McCann. "Notification letters to patients were sent out Dec. 18."

"Patients are encouraged to monitor medical insurance statements for fraudulent activity, but UMHS believes the risk is low," The Detroit Free Press reports.

"The unencrypted device contained patient names, dates of birth and medical record numbers and may have included gender, allergies, admission and/or discharge dates, physician name, patient type, hospital site, room number, medication name and medication dose amount and rate, route, frequency, administration instructions, start time and/or stop time from patients in three UMHS hospitals," writes mHIMSS' Mike Miliard.

"This year has been a rough one for hospital data security," notes TechNewsDaily's Ben Weitzenkorn. "In April the records of 315,000 former patients of Emory University Hospital in Atlanta were put at risk when 10 discs went missing from a storage facility. The next month, a Boston Children's Hospital employee lost a laptop containing almost 2,200 patient records. In June patients at Memorial Sloan Kettering Cancer Center in New York were informed that patient data inadvertently had been embedded in a PowerPoint presentation, publicly available on the Internet. And in September investigators discovered that University of Miami hospital staffers may have sold patient data."