DataBreaches.Net


Chilton Medical Center hard drive containing protected health information was sold online

Posted on December 19, 2017 by Dissent

News12 NJ reports:

Nearly 10 years of personal hospital records could be at risk after it was discovered that a former employee sold a hard drive containing the information online.

The incident could affect patients at Chilton Medical Center in Pequannock who visited the hospital from May 1, 2008 through Oct. 15, 2017.

The hard drive contained names, dates of birth, addresses and medical record numbers. Hospital officials say that no Social Security numbers, financial information or medical records were compromised.

Read more on News12. The following is the text of the medical center’s notice from their web site:

Notice to Chilton Medical Center Patients Regarding a Hard Drive Incident

Chilton Medical Center is committed to the privacy and security of our patients’ information. We take patient privacy very seriously and wanted to make our patients aware of a recent incident involving some of that information.

On October 31, 2017, we learned that an employee had removed a computer hard drive from the hospital in violation of Chilton Medical Center policy and sold it on the internet earlier that month. We began an investigation and notified the Morris County Prosecutor’s Office. Our investigation determined that the hard drive contained patient information, and may have included patients’ names, dates of birth, addresses, medical record numbers, allergies, and medications the patient may have received at Chilton Medical Center. No Social Security numbers, financial information, or medical records were affected. The employee no longer works at Chilton Medical Center.

This incident did not affect all Chilton Medical Center patients; only certain patients treated at Chilton Medical Center from May 1, 2008 to October 15, 2017. We have no indication that any patient information has been misused in any way. However, we began mailing letters to affected patients on December 15, 2017 and have established a dedicated call center to answer any questions patients may have. If you believe you are affected but do not receive a letter by January 5, 2018, please call 1-855-590-2129 (toll free) between 9:00 am and 9:00 pm EST Monday through Friday.

During our investigation, we determined that the former employee removed other devices and assets from Chilton Medical Center to sell on the internet in violation of policy. While we currently have no indication that any of these devices or assets contain patient information, we continue to investigate this incident and, if we determine additional patients are affected, we will notify them as appropriate.

This incident is not consistent with our privacy practices. While we have policies in place to protect patient information, we have, since this incident, enhanced our processes and controls to help prevent something like this from happening again.

UPDATE: This was reported to HHS as affecting 4,600 patients.
