Chesapeake Regional Healthcare notifies 2,100 sleep center patients of medical record breach
Elizabeth Simpson reports:
Chesapeake Regional Healthcare is notifying 2,100 patients from the hospital’s sleep center program that some of their electronic health information might have been compromised.
Two portable hard drives were reported missing from the hospital’s sleep center on Feb. 6, which prompted contacting law enforcement, according to a Friday news release from the hospital.
The data breach includes sleep center patients who received medical services at The Sleep Center at Chesapeake Regional Healthcare between April 2015 and February 2018.
Read more on The Virginian-Pilot.
The following is the full text of the notice on the center’s web site:
Apr 6, 2018
CHESAPEAKE – Chesapeake Regional Healthcare (CRH) has notified 2,100 patients that some of their electronic protected health information (ePHI) may have been compromised.
On February 6, 2018, CRH determined two unencrypted, portable hard drives were missing from its Sleep Center in Chesapeake, VA. CRH conducted an internal investigation and contacted law enforcement.
The data breach affected only sleep center patients who received medical services at the CRH Sleep Center between April 2015 and February 2018.
We are in the process of notifying patients of the data breach by mail. The hard drives contained patient names, dates of birth, unique medical record numbers, demographic information, medications prescribed and details of procedures performed at the Sleep Center on the CRH campus. The hard drives did not include social security numbers, addresses or billing information.
CRH is adding improvements to safeguard portable hard drives and has enhanced company policies and procedures to prevent future incidents.
All patients impacted have been offered 12 months of complementary credit monitoring and identity theft protection services. They will receive assistance if their electronic medical records are discovered to have been used inappropriately.