New York's Lincoln Medical and Mental Health Center is notifying patients that their personal information may have been compromised after seven CDs full of unencrypted data were FedExed by a hospital contractor and then lost in transit.
The CDs were sent by the hospital's billing processor, Siemens Medical Solutions USA, around March 16, but never arrived at their intended destination. They included sensitive health and personal information including Social Security numbers, addresses, dates of birth, health plan numbers, driver's license numbers and even descriptions of medical procedures, the hospital said on a note posted to its Web site.
The breach affects 130,495 patients, according to a notification posted Tuesday by the U.S. Department of Health and Human Services.
Miaoulis Note: Tools are there to encrypt thumb drives, CDs, etc. Organizations need to encrypt, encrypt and encrypt. Mobile media should be the first place to start.