As hospitals increasingly suffer data breaches resulting in identity theft, Emory Healthcare announced missing records for roughly 315,000 surgical patients, including those of the hospital's chief executive.
According to the Atlanta-based system, 10 backup discs containing both personal and health information have been missing from three of its facilities since mid-February. The discs contained data files from an obsolete software system that was deactivated in 2007.
The data files contained patient names, dates of surgery, diagnoses, procedure codes or the name of the surgical procedures, device implant information, surgeon names and anesthesiologist names. The records also included approximately 228,000 Social Security numbers.
"While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients' information is safe," President and CEO John T. Fox said in a statement yesterday.
The chief exec had surgery at Emory when the discs likely went missing and has confirmed that his records were on the discs, the Atlanta Journal-Constitution reported.
Despite "strong policies" for protecting personal information, an Emory employee misinterpreted the guidelines. "Our view of that the employee made an honest mistake," Fox said at a press conference, the article noted.
As the system continues its investigation, it is notifying affected patients of the data breach and offering them free identity protection resources, such as credit monitoring.
Emory Healthcare also said it's strengthening and clarifying existing policies to better protect patient information across the system, as well as conducting an inventory to guarantee proper data security.
For more information:
- read the Emory announcement and notice to patients
- here's the Journal-Constitution article