DataBreaches.Net


Edwin Shaw employee loses unencrypted flash drive with 975 patients’ info

Posted on April 26, 2016 by Dissent

An anonymous site visitor kindly pointed me to this item that was in the Akron Beacon Journal last week:

If you went to Akron General Edwin Shaw Rehabilitation hospital in 2010 or 2011, expect to receive a letter from hospital officials saying that some of your information may have been compromised.

Officials said the data — 975 patient names and some medical record numbers, dates of service, names of insurance provider/referring provider and type of treatment received — are so generic that they are unlikely to lead to identity theft.

Wow, way to try to minimize your breach. Why was such old data on a flash drive that was taken off-premises? They don’t seem to explain that.

Read more on Ohio.com.  Here is the hospital’s full notice, as posted on their web site on April 22:

Notice Regarding Information Breach

On February 24, 2016, Edwin Shaw Rehab leadership became aware that a “flash” drive device containing limited protected health information belonging to some patients who received services in 2010 or 2011 had been inadvertently misplaced or disposed of at a February 19, 2016, business-related event, which was closed to the general public. The device was secured in a zippered day planner that an employee mistakenly left behind. There is no evidence to suggest that the device or any of its contents have been accessed or used improperly.

Do you really think a drive is “secured” if it’s in a zippered day planner? Oh well, let’s continue….

A thorough assessment was conducted once the employee discovered the day planner was missing on February 24, 2016. The information that was documented on the “flash” drive included one or more of the following types of information about patients: patient names, medical record number, date(s) of service, name of insurance provider, referring provider and type of treatment received. The device did not include any credit card, debit card, social security numbers or bank account numbers; nor did the device contain patient addresses, dates of birth or phone numbers.

But why was that old data on a flash drive outside of the offices? Was it being used at the business meeting? They provide no explanation for why these data were there and no explanation for why the drive wasn’t at least encrypted.

We want to ensure patients who were included on the “flash” drive are notified. This week, we sent letters to any patients whose information was on the device. In that mailing, we also provided educational material and information to contact us if they have additional questions.

Edwin Shaw policies and procedures prohibit the storage of patient information on the type of device involved. We take this matter very seriously and have taken additional steps to help prevent this from occurring again. This includes disciplinary action with the involved employee and mandatory training for the entire department to ensure they understand their obligations for protecting patient information and compliance with hospital policies.

Well, that’s good, but it still doesn’t explain why this happened.

Edwin Shaw Rehab is committed to providing the highest level of care for its patients, while protecting the privacy and security of their personal information. We regret this incident occurred and any inconvenience or concern this may cause to some of our patients. Should patients have any questions, they can contact us at [email protected] or by phone at 330.344.4722 or by mail to: Edwin Shaw, Attn: Compliance Office, 405 Tallmadge Rd., Cuyahoga Falls, OH  44221.

Category: Commentaries and Analyses, Health Data, Lost or Missing, U.S.
