Calif. hospital reports breach
A computer containing an index file that held limited patient information was stolen from Eisenhower Medical Center (EMC) on March 11.
The computer was password-protected but not encrypted. The electronic index included patient names, ages, dates of birth, the last four digits of the Social Security numbers and patient medical record numbers (MRNs), according to the Rancho Mirage, Calif. hospital, which stated it has implemented additional security procedures and protocols to help ensure patient privacy and security. The index reportedly included data for more than 514,000 people.
The computer did not contain any information regarding patients’ medical conditions or treatments at EMC, nor did it contain any other medical records. No financial, credit card or health insurance information was on the computer, according to a statement by the medical center.
The theft occurred at about 6 p.m. on March 11 and EMC staff discovered that a television was missing shortly afterward. But the computer was not found to be missing until EMC personnel reported for work on March 14. At this time, EMC has no reason to believe that the computer was stolen for the information that it contained, the facility stated.
The theft has been reported to law enforcement, and EMC has been cooperating with the investigation. Notification letters are being mailed to all affected patients.
The medical center said it immediately took steps to ensure the safety of patient information. Safeguard requirements and policies and procedures for computers were reviewed, and patient index data was moved from individual computers to the facility’s secure data center, according to the hospital.
“EMC deeply regrets that this happened and assures its patients and families of its patients, that it has taken immediate steps to investigate and attempt to recover the computer. We are committed to fully protecting all of the information entrusted to us by patients and their families. A call center has been established to answer any questions that the affected patients might have and the toll-free number is being provided in the notification letters that are being mailed,” the hospital stated.
The computer was password-protected but not encrypted. The electronic index included patient names, ages, dates of birth, the last four digits of the Social Security numbers and patient medical record numbers (MRNs), according to the Rancho Mirage, Calif. hospital, which stated it has implemented additional security procedures and protocols to help ensure patient privacy and security. The index reportedly included data for more than 514,000 people.
The computer did not contain any information regarding patients’ medical conditions or treatments at EMC, nor did it contain any other medical records. No financial, credit card or health insurance information was on the computer, according to a statement by the medical center.
The theft occurred at about 6 p.m. on March 11 and EMC staff discovered that a television was missing shortly afterward. But the computer was not found to be missing until EMC personnel reported for work on March 14. At this time, EMC has no reason to believe that the computer was stolen for the information that it contained, the facility stated.
The theft has been reported to law enforcement, and EMC has been cooperating with the investigation. Notification letters are being mailed to all affected patients.
The medical center said it immediately took steps to ensure the safety of patient information. Safeguard requirements and policies and procedures for computers were reviewed, and patient index data was moved from individual computers to the facility’s secure data center, according to the hospital.
“EMC deeply regrets that this happened and assures its patients and families of its patients, that it has taken immediate steps to investigate and attempt to recover the computer. We are committed to fully protecting all of the information entrusted to us by patients and their families. A call center has been established to answer any questions that the affected patients might have and the toll-free number is being provided in the notification letters that are being mailed,” the hospital stated.