Greg Bordonaro reports:
MidState Medical Center has begun sending letters to 93,500 patients whose personal information may have been compromised following the accidental loss of a computer hard drive, the hospital said in a letter to employees Tuesday.
The misplaced hard drive, which has not yet been recovered, contains patient’s names, addresses, birthdates, social security numbers and medical record numbers, hospital spokeswoman Pamela Cretella said.
The hospital learned of the misplaced hard drive, which was lost by a Hartford Hospital employee, Feb. 15, Cretella said. The hospital conducted an investigation into the matter and began notifying patients in a letter sent today.
Cretella said the hospital has no reason to believe that any personal information found on the lost hard drive has been misused. But MidState is offering those who have been affected two years of identity protection with Debix Identity Protection Network.
A statement on the medical center’s web site dated April 5 says:
Important Notice to Patients Regarding Misplaced Personal Information
By MidState StaffMERIDEN – On February 15, 2011, we learned that a hard drive containing personal information of some patients of MidState Medical Center had been misplaced. The information contained on the device consisted of names, addresses, dates of birth, marital status, Social Security numbers and medical record numbers. Not all of the patients being notified of the incident had Social Security numbers on the missing hard drive. We promptly began an investigation of the incident and subsequently reported the event to law enforcement authorities. We have no reason to believe that any personal information has been misused as a result of this incident. MidState Medical Center and other affiliates of Hartford HealthCare are in the process of reviewing their policies and are taking steps to help ensure that this type of incident does not happen in the future
We regret that this incident may affect some of our patients. We take our obligation to safeguard patient personal information very seriously. We encourage you to remain vigilant and regularly review and monitor your credit reports. You are entitled under U.S. law to one free credit report annually from each of the three national credit bureaus. To order your free credit report, call toll-free at (877) 322-8228 or visit www.annualcreditreport.com.
The Reference Guide provides details on these and other steps you may wish to consider, including recommendation by the U.S. Federal Trade Commission on how to further protect yourself against identity theft. You also may want to place a fraud alert or security freeze on your credit file.
We hope this information is useful to you. Please look through our FAQ for the most common questions regarding this incident, and if you do not find the answer please call (855) 398-6435 toll-free, Monday through Saturday, between 8:00 a.m. EDT and 8:00 p.m. EDT.
Again, we regret any inconvenience this may cause you.
Sincerely,
Lucille Janatka
President & Chief Executive Officer
A companion FAQ on the breach, also on the medical center’s web site, has some interesting details (emphasis added by me):
On February 15, 2011, we learned that an external hard drive containing personal information of some patients of MidState Medical Center had been misplaced. The information contained on the device consisted of names, addresses, dates of birth, marital status, Social Security numbers and medical record numbers. We promptly began an investigation and subsequently reported the event to law enforcement authorities. The individual is no longer employed by our business associate, Hartford Hospital, or any other Hartford HealthCare affiliate. We have no reason to believe that any personal information has been misused as a result of this incident.
[…]
After we learned that an external hard drive containing personal information of some patients of MidState Medical Center had been misplaced, we promptly began an investigation and subsequently reported the event to law enforcement authorities. We also retained a private investigator to search for the hard drive, but it has not been found. MidState Medical Center and other affiliates of Hartford HealthCare are in the process of reviewing their policies and are taking steps to help ensure that this type of incident does not happen in the future.