Inappropriate Download Leads to Breach

Hospital Staffer Who Lost Hard Drive Is Fired
Inappropriate Download Leads to Breach
A Connecticut hospital is notifying 93,500 of its patients about a health information breach involving data that was downloaded to an external hard drive in violation of the organization's policies.

A spokesman for MidState Medical Center in Meriden, Conn., which is part of the Hartford HealthCare system, says an employee of Hartford Hospital, another unit of the system that provides services to MidState, inappropriately downloaded patient information to use when working at home. The drive was discovered to be missing on Feb. 15, and the employee was fired for violating policies.

The drive included MidState patients' names, addresses, dates of birth, marital status, some Social Security numbers and medical record numbers. "We have no reason to believe that any personal information has been misused as a result of this incident," the medical center said in a statement on its website.

"MidState Medical Center and other affiliates of Hartford HealthCare are in the process of reviewing their policies and are taking steps to help ensure that this type of incident does not happen in the future," the statement said. The spokesman said those preventive measures will include educating staff members about privacy and security policies.

The medical center is offering patients who may have been affected two years of free credit monitoring.

Under the HITECH Act breach notification rule, breaches that affect 500 or more individuals must be reported to the Department of Health and Human Services' Office for Civil Rights within 60 days. The MidState breach is not yet listed on the OCR's list of major health information breaches.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network