Medical records for 1.7 million people stolen from van

In one of the larger medical data thefts reported, personal health data for about 1.7 million New York City patients, hospital staffers and others was stolen on Dec. 23 from an unlocked van in Manhattan, the New York Times reports.

The electronic record files, which were stored on 20 years worth of magnetic tapes, contained personal information, protected health information or personally identifiable employee medical information on patients and workers, including names, addresses and Social Security numbers, according to the Wall Street Journal and the New York City Health and Hospitals Corporation. The van belonged to GRM Information Management Services, the city's medical records vendor.

Those affected by this patient privacy breach include patients, contractors and vendors who were treated by and/or provided services over the last 20 years at Jacobi Medical Center, North Central Bronx Hospital or their offsite clinics which make up the North Bronx Healthcare Network.

"The loss of this data occurred through the negligence of a contracted firm that specializes in the secure transport and storage of sensitive data," New York City's Health and Hospitals Corporation wrote in its data theft notification. So far, there is no evidence that the patient information has been inappropriately accessed or misused. Accessing the files would require technical expertise, officials said, according to the Wall Street Journal.

Last Wednesday, HHC began mailing notification letters to victims in 17 languages including Bengali, Albanian and Urdu. It is offering free credit monitoring and fraud resolution services.

HHC has ended its relationship with GRM and filed a lawsuit Thursday against the company seeking to hold the vendor responsible for the costs of notifying those affected and any related damages.

To learn more:
- read the New York City Health and Hospitals Corporation data theft notice
- here's the New York Times blog
- here's the Wall Street Journal story

Related Articles:
Security breaches of personal health information widespread
10 Egregious Patient Privacy Breaches
Hospitals fined $667K for patient privacy breaches
Feds propose stronger patient privacy rights
Stronger patient privacy rules ahead