The Plain Dealer reports that Ohio’s University Hospitals (UH) recently began notifying more than 7,100 patients that their personal health information may have been exposed when an unencrypted hard drive was stolen (h/t PHIprivacy.net).
The drive was stolen from the vehicle of an employee working for a third-party vendor that was upgrading UH’s computer systems. UH was informed of the theft on August 8, 2013, and has spent the time since then determining what data was on the stolen drive.
FOX8.com reports that the data included patients’ names, home addresses, birthdates, medical record numbers, insurance provider information and health information about specific patient treatment.
The data also included 33 patients’ Social Security numbers. Those patients are being offered on year of free credit monitoring and identity theft protection.
“There’s no evidence that would lead us to believe that the thief knew what was on the hard drive or could even get into it,” hospital spokesman Janice Guhl told the Plain Dealer.
In response, UH says it is “actively engaged with an independent IT security consulting firm to strengthen [its] protocols.”