The MD Anderson Cancer Center at the University of Texas has sent letters to about 2,200 patients whose unencrypted medical records may have been compromised on a lost thumb drive. It's the third possible data breach this year for the center.According to a statement
, a trainee lost the storage device on employee shuttle bus July 13. The missing records included patients' names, dates of birth, medical record numbers, diagnoses, and treatment and research information.
There were about 2,200 letters sent, said Julie Penne, an MD Anderson spokeswoman.
On April 30, a laptop with the unencrypted records of 29,201 MD Anderson patients
was reported stolen from a physician's home, according to the hospital and the official breach notification list kept by the Office for Civil Rights at HHS.
In January, nearly 4,000 patients were notified
their insurance claim records were on a laptop stolen from the home of a PriceWaterhouseCoopers employee, although those records were encrypted.
“There are a number of educational programs under way,” Penne said. “We've already encrypted 26,000 computers today and plan to do the rest in the next couple of months.” In addition, she said, the hospital has ordered 5,000 pre-encrypted thumb drives.
To date, since reporting began in September 2009, the civil rights' office, which is mandated by the American Recovery and Reinvestment Act of 2009 to post on its website details about medical records breaches affecting 500 or more individuals, has 489 breach incidents on the list involving more than 21 million people.