For the second time this year, the University of Texas M.D. Anderson Cancer Center has suffered a patient data breach. On Friday, the hospital announced that a medical student trainee working for the facility lost an unencrypted portable hard drive while riding on an employee shuttle bus on July 13.
The device contained information for 2,200 patients, including names and health data, according to the Houston Chronicle, all of whom were notified of the event via mail. No Social Security numbers or financial information was on the drive.
"We immediately began a search for the device and conducted a thorough investigation," officials said in a statement. "Unfortunately, the USB thumb drive has not been located."
In an interview with the Chronicle about the breachCyber security expert Bruce Schneier, said the incident was "dumb."
"This is kindergarten cryptography. And they didn't do it," Schneier told the Chronicle. "I'd be embarrassed if I were them. Of course, it's not them whose privacy could be violated."
In June, M.D. Anderson announced that a laptop containing data on more than 30,000 patients was stolen from a faculty member's home sometime between April 30 and May 1. Medical information for 10,000 patients was compromised, and names and Social Security numbers also were among the information stolen.
According to the Chronicle, the laptop has yet to be recovered, either, but no financial losses related to the breach have been reported.
Meanwhile, the student responsible for the lost USB drive no longer works for the institution, according to the Chronicle.