MD Anderson suffers data breach affecting 2,200 patients
 |
According to a statement posted on its website, on July 14, the facility learned that a trainee lost an unencrypted portable hard drive on an MD Anderson employee shuttle bus. “We immediately began a search for the device and conducted a thorough investigation. Unfortunately, the USB thumb drive has not been located.”
The facility has sent notification letters to the 2,200 patients affected. The data included patient names, dates of birth, medical record numbers and diagnoses, and treatment and research information but the USB thumb drive contained no patient Social Security numbers or other financial information.
“We are enhancing our practices regarding the use of portable devices to transport patient data and are working to encrypt these devices,” the statement says. The facility also has purchased 5,000 encrypted USB thumb drives for use by employees who handle sensitive data. MD Anderson is in the process of encrypting its thousands of computers and “reinforcing employee education around our privacy policies that govern the handling of patient information and the use of portable devices to transport such data.”
A stolen laptop led to a breach in April.
Beth Walsh,
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.