DataBreaches.Net

Chilton Medical Center hard drive containing protected health information was sold online

Posted on December 19, 2017 by Dissent

News12 NJ reports:

Nearly 10 years of personal hospital records could be at risk after it was discovered that a former employee sold a hard drive containing the information online.

The incident could affect patients at Chilton Medical Center in Pequannock who visited the hospital from May 1, 2008 through Oct. 15, 2017.

The hard drive contained names, dates of birth, addresses and medical record numbers. Hospital officials say that no Social Security numbers, financial information or medical records were compromised.

Read more on News12.  The following is the text of the medical center’s notice from their web site:

Notice to Chilton Medical Center Patients Regarding a Hard Drive Incident

Chilton Medical Center is committed to the privacy and security of our patients’ information. We take patient privacy very seriously and wanted to make our patients aware of a recent incident involving some of that information.

On October 31, 2017, we learned that an employee had removed a computer hard drive from the hospital in violation of Chilton Medical Center policy and sold it on the internet earlier that month. We began an investigation and notified the Morris County Prosecutor’s Office. Our investigation determined that the hard drive contained patient information, and may have included patients’ names, dates of birth, addresses, medical record numbers, allergies, and medications the patient may have received at Chilton Medical Center. No Social Security numbers, financial information, or medical records were affected. The employee no longer works at Chilton Medical Center.

This incident did not affect all Chilton Medical Center patients; only certain patients treated at Chilton Medical Center from May 1, 2008 to October 15, 2017. We have no indication that any patient information has been misused in any way. However, we began mailing letters to affected patients on December 15, 2017 and have established a dedicated call center to answer any questions patients may have. If you believe you are affected but do not receive a letter by January 5, 2018, please call 1-855-590-2129 (toll free) between 9:00 am and 9:00 pm EST Monday through Friday.

During our investigation, we determined that the former employee removed other devices and assets from Chilton Medical Center to sell on the internet in violation of policy. While we currently have no indication that any of these devices or assets contain patient information, we continue to investigate this incident and, if we determine additional patients are affected, we will notify them as appropriate.

This incident is not consistent with our privacy practices. While we have policies in place to protect patient information, we have, since this incident, enhanced our processes and controls to help prevent something like this from happening again.

UPDATE: This was reported to HHS as affecting 4,600 patients.

Category: Health Data, Insider, U.S.
