OhioHealth patient data exposed

Suzanne Hoholik reports:

OhioHealth officials announced yesterday that they will provide one year of credit protection to anyone who was a patient at Grant Medical Center from Jan. 1, 2008, through Nov. 5, 2010.

Mark Hopkins, a spokesman for OhioHealth, which owns Grant, said an employee stole computers from an inventory storage facility that contained patient health information.

The employee, who has since been fired, “tried to clean the hard drives and resell them,” Hopkins said.

The hospital system reported the theft to Columbus police on Nov. 16.

Lt. Mike Woods of the burglary bureau said police recovered a laptop, four desktop computers and five monitors from a local computer store. The stolen items were returned to OhioHealth.

Hopkins said it’s unlikely any patient information was accessed because it was encrypted and password-protected.

He said he had no idea how many patients are affected.

Read more in the Columbus Dispatch.   At this time, I don’t find any statement on OhioHealth or Grant’s web site.  Nor do I see any listing on HHS’s breach tool.  If the data were encrypted, it may not have been reported.

Thanks to Bart Porter of redmentech for this link.

About the author: Dissent