Phoebe Putney Hospital is notifying thousands of patients that their medical information has been compromised by the disappearance of a hospital computer.
Phoebe confirmed to WALB News 10 that on November 6, 2013, the hospital learned that a password protected unencrypted desktop computer disappeared from one of its clinics the day before.
Read more on WALB.
A statement posted on the hospital’s site, linked from the home page, says:
Notice to Phoebe Putney Memorial Hospital Patients Regarding Missing Desktop Computer
Phoebe Putney Memorial Hospital (“PPMH”) takes our obligation to protect our patients’ personal health information seriously.
On November 6, 2013, PPMH learned that a password protected unencrypted desktop computer went missing from one of our clinics the day before. We immediately contacted the Albany Police Department and began a thorough internal investigation, including hiring an expert computer forensics company, to identify the information contained on the computer. After conducting a detailed review, we determined that the computer may have contained patient information, including patient names, addresses, dates of birth, dates of service, physician’s names, and diagnosis information. We have been cooperating with law enforcement in their investigation, but, to date, the computer has not been located.
We deeply regret any concerns and inconvenience this has caused our patients. We have reviewed and enhanced our security policies and procedures and have re-enforced with all staff the importance of handling patient information with care to prevent something like this from happening in the future.
This incident affected a limited number of PPMH patients treated between May 2010 and October 2013. As a precaution, we began notifying the affected patients by mail on January 3, 2014. If you believe you may be affected but did not receive a letter by February 1, 2014, please do not hesitate to call 1-877-866-6056 Monday through Friday between 9:00 a.m. and 9:00 p.m. Eastern Time.
There doesn’t seem to be any mention of security cameras that might have recorded the computer and whoever removed it.
WALB has uploaded a copy of the patient notification letter, which suggests to patients that the desktop was stolen and isn’t just missing on the premises.
Because the letter WALB uploaded makes no mention of free credit monitoring but the hospital’s press release says they offered it to patients, I suspect it was only offered to those whose Social Security number were involved (the recipient of the uploaded letter did not have their SSN on the computer).