DataBreaches.Net


Chilton Medical Center hard drive containing protected health information was sold online

Posted on December 19, 2017 by Dissent

News12 NJ reports:

Nearly 10 years of personal hospital records could be at risk after it was discovered that a former employee sold a hard drive containing the information online.

The incident could affect patients at Chilton Medical Center in Pequannock who visited the hospital from May 1, 2008 through Oct. 15, 2017.

The hard drive contained names, dates of birth, addresses and medical record numbers. Hospital officials say that no Social Security numbers, financial information or medical records were compromised.

Read more on News12. The following is the text of the medical center’s notice from their web site:

Notice to Chilton Medical Center Patients Regarding a Hard Drive Incident

Chilton Medical Center is committed to the privacy and security of our patients’ information. We take patient privacy very seriously and wanted to make our patients aware of a recent incident involving some of that information.

On October 31, 2017, we learned that an employee had removed a computer hard drive from the hospital in violation of Chilton Medical Center policy and sold it on the internet earlier that month. We began an investigation and notified the Morris County Prosecutor’s Office. Our investigation determined that the hard drive contained patient information, and may have included patients’ names, dates of birth, addresses, medical record numbers, allergies, and medications the patient may have received at Chilton Medical Center. No Social Security numbers, financial information, or medical records were affected. The employee no longer works at Chilton Medical Center.

This incident did not affect all Chilton Medical Center patients; only certain patients treated at Chilton Medical Center from May 1, 2008 to October 15, 2017. We have no indication that any patient information has been misused in any way. However, we began mailing letters to affected patients on December 15, 2017 and have established a dedicated call center to answer any questions patients may have. If you believe you are affected but do not receive a letter by January 5, 2018, please call 1-855-590-2129 (toll free) between 9:00 am and 9:00 pm EST Monday through Friday.

During our investigation, we determined that the former employee removed other devices and assets from Chilton Medical Center to sell on the internet in violation of policy. While we currently have no indication that any of these devices or assets contain patient information, we continue to investigate this incident and, if we determine additional patients are affected, we will notify them as appropriate.

This incident is not consistent with our privacy practices. While we have policies in place to protect patient information, we have, since this incident, enhanced our processes and controls to help prevent something like this from happening again.

UPDATE: This was reported to HHS as affecting 4,600 patients.


Category: Health Data, Insider, U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.