Medical diagnoses for 130,000 people vanish into thin air
New York-based Lincoln Medical and Mental Health Center has become one of the latest medical providers to expose highly sensitive patient data after CDs containing unencrypted data sent by FedEx never made it to their destination.
The breach exposed medical and psychological diagnoses and procedures for 130,495 patients, according to a notification posted Tuesday. The CDs, which remain missing despite an investigation that was launched in early April, also contained names, addresses, social security numbers medical record numbers, dates of birth and other details that are regularly snarfed up by identity thieves.
In a letter sent to affected patients (PDF), hospital officials said they have no knowledge the missing information has been accessed by anyone.
Lincoln's notification to the US Department of Health website came the same day officials at the University of Maine said sensitive details for 4,585 individuals who sought services at the school's counseling center have been stolen by hackers who compromised two servers. The exposed data included names, clinical information and social security numbers for people who used the service over an eight-year span ending last week.
The university didn't say why it stored the data on internet-facing servers.
In the case of Lincoln, the CDs were lost in transit between contractor Siemens Medical Solutions USA and the New York-based hospital. Lincoln said it has suspended further transport of CDs by carrier. FedEx has suggested the disks probably got separated from their shipping envelope at one of its facilities and were destroyed.
Other medical facilities to fess up to losing patient data in the past 24 hours, according to the Department of Health website, include Silicon Valley Eyecare Optometry and Contact Lenses, with 40,000 people affected, Kentucky's Our Lady of Peace Hospital, with 24,600 affected, and the Cincinnati Children's Hospital Medical Center, which affected 60,000. ®
Why aren't the people responsible in jail? Today, sending such data unencrypted is not just incompetent, it's deliberate sabotage. There really is no excuse.
It's only a matter of time...
...before they do the same with the EU banking data.
Have these guys never heard of encryption?