Feeds

Medical diagnoses for 130,000 people vanish into thin air

'Dear Patient'

Internet Security Threat Report 2014

New York-based Lincoln Medical and Mental Health Center has become one of the latest medical providers to expose highly sensitive patient data after CDs containing unencrypted data sent by FedEx never made it to their destination.

The breach exposed medical and psychological diagnoses and procedures for 130,495 patients, according to a notification posted Tuesday. The CDs, which remain missing despite an investigation that was launched in early April, also contained names, addresses, social security numbers medical record numbers, dates of birth and other details that are regularly snarfed up by identity thieves.

In a letter sent to affected patients (PDF), hospital officials said they have no knowledge the missing information has been accessed by anyone.

Lincoln's notification to the US Department of Health website came the same day officials at the University of Maine said sensitive details for 4,585 individuals who sought services at the school's counseling center have been stolen by hackers who compromised two servers. The exposed data included names, clinical information and social security numbers for people who used the service over an eight-year span ending last week.

The university didn't say why it stored the data on internet-facing servers.

In the case of Lincoln, the CDs were lost in transit between contractor Siemens Medical Solutions USA and the New York-based hospital. Lincoln said it has suspended further transport of CDs by carrier. FedEx has suggested the disks probably got separated from their shipping envelope at one of its facilities and were destroyed.

Other medical facilities to fess up to losing patient data in the past 24 hours, according to the Department of Health website, include Silicon Valley Eyecare Optometry and Contact Lenses, with 40,000 people affected, Kentucky's Our Lady of Peace Hospital, with 24,600 affected, and the Cincinnati Children's Hospital Medical Center, which affected 60,000. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.