In December, Fresenius Medical Care of North America (FMCNA) discovered that a USB drive with patient information was missing from their Robinwood Dialysis Center in Hagerstown, Maryland. The drive had been attached to a computer in the dialysis center.
The information on the missing drive varied across patients, but included the patient’s name plus one or more of the following:
- Social Security number
- Insurance account number
- phone number
- address
- information about insurance payments
- information about patient’s ability to pay
Patients were offered free credit monitoring, and FMCNA is reviewing its use of flash drives and where flash drives will be used, encryption will be required.
Eight Maryland residents were notified of the breach.