WCSC reports that 360 patients of Roper St. Francis Hospital will be getting a letter about a lost flash drive that contained what a hospital spokesperson described as “limited patient information.”
The information may be “limited,” but it still is sensitive: names, ages, diagnoses, and dates of procedures.
Hospital officials say a thorough search and investigation was conducted, and they believe no one has improperly accessed the flash drive or used it for ill will.
Read more on WCSC. I can’t find any statement on the hospital’s web site yet, and we won’t see this one on HHS’s breach tool as it’s less than 500. Last year, the hospital had another breach involving misdirected faxes that was also under the 500 threshold for the breach tool. That doesn’t mean that HHS won’t investigate these breaches, however.
Updated: HealthITSecurity.com obtained additional information from the hospital that indicated that information on the misplaced flash drive included “name, age, diagnosis, date of service, length of stay, procedure, outcome and provider name.”