The Medical Center is currently notifying 5,418 patients of a breach of personal protected health information. The breach involves the theft of computer equipment from The Medical Center’s Mammography Suite containing information on patients who underwent bone density testing at The Medical Center between 1997 and 2009. We have no reason at this point to believe the device was stolen for the information on it or that any personal information has been released or used.
On April 1, 2010, we discovered that a piece of computer equipment had been stolen from The Medical Center Mammography Suite. Upon learning of the theft, we immediately conducted a comprehensive investigation of the incident, and the theft has been reported to the Bowling Green Police Department.
We have determined the information on the device included each patient’s full name, date of birth, address, medical record number and physician name. Some patients’ records also included information such as social security numbers, weight, height and menopause age. The information on the hard drive was not encrypted; however, the hard drive was maintained in a locked, non-public, private area.
The Medical Center has stringent policies and procedures in place to protect patient information and takes very seriously its obligation to safeguard the personal health information of its patients. As a result of this breach, steps are underway to further strengthen the security of patient information. We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was stolen. Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing non-encrypted data.
We regret the incident, and we are committed to prevent future such occurrences. However, affected patients are strongly encouraged to take the following steps recommended by the Federal Trade Commission to prevent any possible misuse of personal information.
- Monitor accounts and bank statements each month and check credit report on a regular basis.
- Stay alert for the signs of identity theft, like:
- accounts you didn’t open and debts on your accounts that you can’t explain.
- fraudulent or inaccurate information on your credit reports, including accounts and personal information, like your Social Security number, address(es), name or initials, and employers.
- failing to receive bills or other mail. Follow up with creditors if your bills don’t arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
- receiving credit cards that you didn’t apply for.
- being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason.
- getting calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.
- accounts you didn’t open and debts on your accounts that you can’t explain.
- You may obtain a free copy of your credit report from each of the three major credit bureaus (Equifax, TransUnion and Experian) by calling 1-877-322-8228; by mail at Annual Credit Report Service, P.O. Box 105281, Atlanta, GA 30348-5281; or by visiting the website: https://www.annualcreditreport.com/cra/index.jsp.
The Medical Center is following all of the requirements of the American Recovery and Reinvestment Act of 2009 and the Health Information Technology for Economic and Clinical Health Act which includes: notification of the U.S. Secretary of the Department of Health and Human Services; notification of patients who may have had their personal protected health information accessed by the breach; public disclosure to the local media; and posting information about the breach on The Medical Center’s website.
We have established a toll-free number at 1-877-338-8525 for patients with questions about this matter who live outside the Bowling Green area and who desire to talk directly with The Medical Center’s Privacy Officer. Local residents may reach The Medical Center Privacy Officer at 270-796-2100. In addition, affected patients may visit The Medical Center’s web site at www.themedicalcenter.org where updated information about this breach will be posted.
Update as of June 9, 2010
The Medical Center has not received any reports of misuse of information related to the missing computer equipment. The police investigation of the theft remains open and active. Please check back to this site for future updates.
Update as of August 23, 2010
The Medical Center has not received any reports of misuse of information related to the missing computer equipment. The police investigation of the theft remains open and active. Please check back to this site for future updates.
Final Update: February 4, 2011
The Medical Center has not received any complaints of criminal misuse of stolen identity associated with the April 2010 breach of protected health information. These updates will be removed from the website on February 18.
