The Omnicell data breach that recently forced the University of Michigan Health System to notify 4,000 patients
that their data may have been exposed by the pharmacy services vendor also affects more than 64,000 patients of two health systems on the East Coast.
Thousands of Sentara Healthcare and South Jersey Healthcare patients have received letters informing them that their personal and medical information may have been breached by Mountain View, Calif.-based Omnicell.
Norfolk, Va.-based Sentara said Omnicell had disclosed that a device was stolen from an Omnicell employee's car on Nov. 14.
"In our area, there were about 56,000 patient records that were affected," said Cheri Hinshelwood, a Sentara communications adviser. Patients were notified about the breach by letter, Hinshelwood said. The laptop was password-protected but not encrypted, she said.
Hinshelwood said Sentara's contract with Omnicell requires that data be encrypted. UMHS, too, had that encryption stipulation, the university said in a news release.
According to Sentara, the missing device may have contained demographic as well as clinical information, including patient names, birth dates, allergies, admission and/or discharge dates, medication names and treating physician names. Affected patients were treated at 10 Sentara hospitals between Oct. 18 and Nov. 9, 2012, Sentara said.
Greg Potter, assistant vice president of marketing and public relations at South Jersey Healthcare in Vineland, N.J., said the breach affected 8,555 of its patients. Potter said an Omnicell employee, who was "troubleshooting" the system by pulling log files of patient records, remotely accessed the data.
Omnicell spokesman Bill Bode said the Omnicell engineer whose laptop was reported stolen "has been disciplined" but is still with the company.