The Medical Center, Bowling Green, Ky., is urging more than 5,400 patients to monitor their banking data and run regular credit checks after a hard drive containing their personal information turned up missing from the hospital's mammography suite. The 315-bed hospital believes the drive was stolen.
The drive contained data from patients who underwent bone-density testing at the hospital between 1997 and 2009. Patients' names, addresses and dates of birth, and in some cases, Social Security numbers, were on the device, but it did not contain any medical images or clinical information, the hospital said in a news release. Data was not encrypted, but the drive was stored in a locked area.
The hard drive was discovered missing on April 1, and following an internal investigation, the hospital enlisted the help of the Bowling Green police.
The hospital has set up an information number for affected patients to call with questions, and has also taken steps to ramp up security and prevent future incidents.
“As a result of this breach, steps are under way to further strengthen the security of patient information,” the hospital said in the release. “We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was stolen. Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing nonencrypted data.”