(update) Grant Medical Center notice on data breach
Following a story in today’s Columbus Dispatch, reported earlier today on this blog, Grant Medical Center has issued the following press release and substitute notice on its web site:
POTENTIAL SECURITY BREACH AT GRANT
COLUMBUS, Ohio – On November 5, 2010, Grant Medical Center discovered that out-of- service computers were stolen from an inventory storage facility. Grant Medical Center immediately investigated and determined that the thefts were accomplished by one employee. Grant immediately strengthened the inventory controls and storage processes for out of service computers and terminated the employee involved. The employee attempted to clean information off the hard drives but used a technique that may not always be wholly effective. Although data remaining on the hard drives could include some unsecured personal health information for patients treated at Grant Medical Center between 2008 and November 5, 2010, it is inaccessible to anyone except skilled computer technicians with specialized software and equipment. To date, we are unaware that any personal information has been recovered or misused by any unauthorized person.
This announcement is a substitute notice under the HIPAA notice of breach rules. Individuals who believe that they may have been affected may call 1-888-845-0818 for assistance. This hotline number will remain in effect for at least 90 days.