DataBreaches.Net

Edwin Shaw employee loses unencrypted flash drive with 975 patients’ info

Posted on April 26, 2016 by Dissent

An anonymous site visitor kindly pointed me to this item that was in the Akron Beacon Journal last week:

If you went to Akron General Edwin Shaw Rehabilitation hospital in 2010 or 2011, expect to receive a letter from hospital officials saying that some of your information may have been compromised.

Officials said the data — 975 patient names and some medical record numbers, dates of service, names of insurance provider/referring provider and type of treatment received — are so generic that they are unlikely to lead to identity theft.

Wow, way to try to minimize your breach. Why was such old data on a flash drive that was taken off-premises? They don’t seem to explain that.

Read more on Ohio.com.  Here is the hospital’s full notice, as posted on their web site on April 22:

Notice Regarding Information Breach

On February 24, 2016, Edwin Shaw Rehab leadership became aware that a “flash” drive device containing limited protected health information belonging to some patients who received services in 2010 or 2011 had been inadvertently misplaced or disposed of at a February 19, 2016, business-related event, which was closed to the general public. The device was secured in a zippered day planner that an employee mistakenly left behind. There is no evidence to suggest that the device or any of its contents have been accessed or used improperly.

Do you really think a drive is “secured” if it’s in a zippered day planner? Oh well, let’s continue….

A thorough assessment was conducted once the employee discovered the day planner was missing on February 24, 2016. The information that was documented on the “flash” drive included one or more of the following types of information about patients: patient names, medical record number, date(s) of service, name of insurance provider, referring provider and type of treatment received. The device did not include any credit card, debit card, social security numbers or bank account numbers; nor did the device contain patient addresses, dates of birth or phone numbers.

But why was that old data on a flash drive outside of the offices? Was it being used at the business meeting? They provide no explanation for why these data were there and no explanation for why the drive wasn’t at least encrypted.

We want to ensure patients who were included on the “flash” drive are notified. This week, we sent letters to any patients whose information was on the device. In that mailing, we also provided educational material and information to contact us if they have additional questions.

Edwin Shaw policies and procedures prohibit the storage of patient information on the type of device involved. We take this matter very seriously and have taken additional steps to help prevent this from occurring again. This includes disciplinary action with the involved employee and mandatory training for the entire department to ensure they understand their obligations for protecting patient information and compliance with hospital policies.

Well, that’s good, but it still doesn’t explain why this happened.

Edwin Shaw Rehab is committed to providing the highest level of care for its patients, while protecting the privacy and security of their personal information. We regret this incident occurred and any inconvenience or concern this may cause to some of our patients. Should patients have any questions, they can contact us at [email protected] or by phone at 330.344.4722 or by mail to: Edwin Shaw, Attn: Compliance Office, 405 Tallmadge Rd., Cuyahoga Falls, OH  44221.

Category: Commentaries and Analyses, Health Data, Lost or Missing, U.S.
