When your database of all staff is on a flash drive that goes missing…
On September 9, Cooper University Hospital in New Jersey notified the New Hampshire Attorney General’s Office that a flash drive with a database of employees’ personal information was discovered missing on July 8, less than 24 hours after the database had been copied to the drive. The drive went missing from the Graduate Medical Education Office.
Anyone who was a Resident at Cooper University Hospital during academic year 2008/2009 and 2009/2010 or is currently a member of house staff is affected.
According to their letter, information on the employees included their names, personal email addresses, beeper numbers, Social Security Numbers, employee ID numbers, citizenship and visa information, undergraduate, graduate, and medical school identification number, United States Medical Licensing Examination (USMLE) number, Educational Commission for Foreign Medical Graduates (ECFMG) number, Step I/II scores, salary, address, telephone numbers, emergency contacts, marital status, spouse’s name, birth date and birth place, gender, race, forwarding address, home phone number, leave of absence information, license number, DEA number, CDS number, NPI number, and employer. For Visiting Residents, the information included their PA Training License Number. Not all individuals had all kinds of information in the database.
The loss was reported to the Camden Police Department and the State Police Cyber Crime Unit. The latter declined to investigate because the police department was already investigating.