NY: St. Luke’s Cornwall Hospital notifies patients after thumb drive with limited PHI is stolen
In reading the following statement from the hospital, keep in mind that the hospital’s home page says the incident involves the “possible disclosure” of “a limited number” of patients’ personal information. Their report to HHS of December 30th indicates that 29,156 patients were impacted. That’s some “limited number.”
On October 31, 2015, an individual entered a restricted area of St. Luke’s Cornwall Hospital (“SLCH”) and stole a USB thumb drive that may have contained limited protected health information for some patients. SLCH takes the privacy and security of its patients’ information very seriously and is cooperating with law enforcement personnel in their investigation.
As soon as the theft was discovered, SLCH began an investigation to determine what information was on the thumb drive. SLCH’s investigation revealed that the stolen thumb drive appears to have included a file which may have contained for some patients their name, medical record number, date of service, type of imaging service received, and administrative–type information used for internal business purposes. The thumb drive did not contain any Social Security numbers or electronic medical records, which remain secure.
Out of an abundance of caution, SLCH is offering identity theft recovery services through ID Experts®, the data breach and recovery services expert, at no cost to the individual. ID Experts fully managed recovery services will provide 12 months of complete access to their fraud resolution representatives. With this protection, ID Experts will help resolve issues if the individual’s identity is compromised.
SLCH values the privacy and security of its patients’ information and is taking steps to prevent this type of event from happening in the future, including requiring password and encryption protection for all of its USB thumb drives, and the implementation of new systems that do not require the use of thumb drives or other mobile media devices.
SLCH sincerely regrets any inconvenience or concern that this incident may cause, and remains dedicated to protecting the information of its patients. Individuals who may have been affected by this incident can call toll free 866-960-5790, Monday through Friday between the hours of 9 a.m. – 9 p.m. EST.
SOURCE: St. Luke’s Cornwall Hospital