New York hospital loses data on 130,000 via FedEx

[Darius Freamon <darius.freamon () gmail com>]

http://www.computerworld.com.au/article/351659/new_york_hospital_loses_data_130_000_via_fedex/

New York hospital loses data on 130,000 via FedEx
Breach affects 130,495 patients

   - Robert McMillan<http://www.computerworld.com.au/author/47886160/robert-mcmillan/articles>(IDG
News Service/San Francisco Bureau)
   - 30 June, 2010 15:41


New York's Lincoln Medical and Mental Health Center is notifying patients
that their personal information may have been compromised after seven CDs
full of unencrypted data were FedExed by a hospital contractor and then lost
in transit.

The CDs were sent by the hospital's billing processor, Siemens Medical
Solutions USA, around March 16, but never arrived at their intended
destination. They included sensitive health and personal information
including Social Security numbers, addresses, dates of birth, health plan
numbers, driver's license numbers and even descriptions of medical
procedures, the hospital said on a note posted to its Web
site<http://www.nyc.gov/html/hhc/lincoln/html/news/public_notice_20100604.shtml>
.

The breach affects 130,495 patients, according to a
notification<http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html>posted
Tuesday by the U.S. Department of Health and Human Services.

"FedEx has suggested that the CDs likely became separated from their
shipping envelope at one of its facilities, were swept up and destroyed,"
the hospital said in a
letter<http://www.nyc.gov/html/hhc/lincoln/downloads/pdf/lincoln-security-notice-2010-06-eng.pdf>sent
to victims, dated June 4.

The CD was password-protected but unencrypted, the letter states.

Companies have begun taking better care of their customers' data in recent
years, as they've had to foot multimillion-dollar bills following similar
incidents. According to the Ponemon Institute, a security research firm, the
average U.S. data breach costs companies more than US$200 per record
<http://www.networkworld.com/news/2010/012510-data-breach-costs.html>.

Siemens is no longer FedExing CDs to Lincoln, the hospital said. It is not
aware of any of the data being improperly accessed.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php