John Dorschner of the Miami Herald reports that personal information of more than 200,000 visitors to Jackson Memorial Hospital between May 2007 and March 2008 was on a hard drive that was stolen from the hospital’s mainframe data center on or before February 11. According to the hospital’s CIO, no Social Security numbers or financial data were on the missing drive. The data appear to be limited to copies of drivers’ licenses or other types of identification that were presented at various security checkpoints.
Because there was no backup of that drive, the hospital is using the media to alert those affected.
A statement on the hospital’s web site says:
On March 4, 2009, a police report was filed with the Miami-Dade Police Department to investigate the theft of a hard drive stolen from the Jackson Memorial Hospital data center. The hard drive held identification information for individuals that presented a driver’s license or other form of identification at security points while visiting Jackson Memorial Hospital between May 2007 and March 2008. While a full investigation on this matter is ongoing, it is believed that the person(s) responsible wanted the hard drive and not the information it contained. No social security numbers or financial information was stored on the missing drive.
Jackson has taken steps to ensure this does not happen again. The information is now being monitored by a third party and stored at an offsite location. Effective immediately, data collected from visitors will be destroyed after 30 days. “We sincerely apologize for the inconvenience this breach may cause our visitors,” said Eugene Bassett, interim CEO, Jackson Health System. “We felt it was important for us to notify those who are potentially impacted. We collect visitor data in an effort to better manage access to our campus and, most importantly, to protect our patients. We will continue to work with law enforcement in hopes of apprehending the person or persons responsible for this crime.”
Those who visited Jackson Memorial Hospital during the time period in question may wish to place a fraud alert on their credit file. A fraud alert tells creditors to contact you before they open any new accounts or change a person’s existing account. To place a fraud alert, one can call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms the alert, the others are notified to place fraud alerts as well. All three bureaus will send credit reports to the requestor, free of charge.