Connecticut Investigates Breach2 Agencies Ask Questions About Hospital's Hard Drive Loss
The incident involved patient data that was downloaded to an external hard drive in violation of the organization's policies, and the drive was subsequently lost, according to the hospital. (See: Inappropriate Download Leads to Breach)
Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein are seeking more information about the security policies of the medical center, how the breach occurred and what is being done to prevent future breach incidents.
A spokesman for MidState Medical Center in Meriden, Conn., which is part of the Hartford HealthCare system, said earlier this week that an employee of Hartford Hospital, another unit of the system that provides services to MidState, inappropriately downloaded patient information to an external hard drive to use when working at home The drive was discovered to be missing on Feb. 15, and the employee was fired for violating policies.
The drive included MidState patients' names, addresses, dates of birth, marital status, some Social Security numbers and medical record numbers. "We have no reason to believe that any personal information has been misused as a result of this incident," the medical center said in a statement about the health information breach on its website.
"MidState Medical Center and other affiliates of Hartford HealthCare are in the process of reviewing their policies and are taking steps to help ensure that this type of incident does not happen in the future," the statement said. The spokesman said those preventive measures will include educating staff members about privacy and security policies.
The medical center is offering patients who may have been affected two years of free credit monitoring.