Update on Phoebe Putney Hospital breach
WALB is just all over a breach involving Phoebe Putney Hospital in Georgia that was disclosed yesterday. Today, WALB reports that two employees have been fired over the breach, which the hospital still hasn’t described as a theft:
Phoebe officials say a computer forensics investigation showed only 13 people’s social security numbers were recorded on that missing computer hard drive. But it contained names, addresses, and possibly medical diagnosis information of nearly 6,800 people.
According to the November 7th police report, a hospital employee rearranging her office at the Behavioral Health Outreach Clinic boxed up her Dell desktop computer and left it outside her office in a locked hallway. The next morning it was gone.
“There was a custodial worker who believed that the computer, because it was inside a box, was trash,” said Phoebe Vice President, Chief Compliance and Privacy Officer Audrey Pike. “And so the box was discarded. According to the police report he threw it in the dumpster, but when they checked the next day it was gone.
Read more on WALB.
How often do we see employees fired over breaches? It happens, but usually we see that they’ve been “re-trained.” For the hospital to fire two employees – each for violating a different part of the hospital’s policies – strikes me as a bit unusual. But I bet all the remaining hospital employees will be extra cautious/compliant going forward.