Atlanta’s Emory Healthcare recently admitted having lost 10 backup disks containing personal data on approximately 315,000 patients.
“The disks contained patient names, diagnosis, name of surgical procedure, and the surgeon, and most contained patient social security numbers as well, Emory said in a statement,” Infosecurity reports. “The patients were treated at Emory University Hospital, Emory University Hospital Midtown, and the Emory Clinic Ambulatory Surgery Center between September 1990 and April 2007.”
“John T. Fox, president and CEO of Emory Healthcare, said at a press conference Wednesday that the discs were not obtained through ‘hacking’ of the Emory system,” writes The Atlanta Journal-Constitution’s Carrie Teegardin.
“He insisted … the disks are old and can only be read on an out-of-date system that requires special training,” write CBS Atlanta’s Elizabeth Klynstra and Christopher King. “There is no evidence the missing information was stolen or misused, he said.”
“Based on an internal investigation, Emory Healthcare officials believe the disks were removed sometime between Feb. 7 and Feb. 20,” writes WSBTV’s Erica Byfield. “Fox said the employee who had the information did not properly secure it but will not face any disciplinary actions.”
“All affected patients will be provided access to identity protection services, including credit monitoring, at Emory’s expense, he added,” writes Atlanta Business Chronicle’s Urvaksh Karkaria. “Patients are being informed through letters delivered to their homes.”
“Last year, in a much smaller case, an Emory orthopedic clinic reported an incident in which about 80 patients had their personal information stolen,” notes Public Broadcasting Atlanta’s Jonathan Shapiro.