Lost Thumb Drive was used to Store PHI for Renown Health

Renown Health, the largest healthcare supplier in Northern Nevada, has started getting in touch with certain patients to make them aware that some of their protected health information (PHI) may have was accessible.Patient information was held in files on a portable storage device (thumb drive) identified as missing on June 30, 2019. An extensive search of the facility was conducted but the thumb drive could not be found.

An investigation was carried out to determine what files had been stored to the device and which patients had their PHI made accessible.

Files on the storage device were linked to patients who had received inpatient services at Renown South Meadows Medical Center from the time period January 1, 2012 to June 14, 2019. The range of information in the files included names, diagnoses, medical record numbers, clinical data, admission dates, and physicians’ identities.  No Social Security numbers or financial information were saved on the device.

Patients have been warned to use exercise caution in relation to their accounts and monitor their accounts and explanation of benefits statements for any evidence of fraudulent activity. Renown Health will be overlooking its policies covering the use of portable devices such as thumb drives and will be re-training its staff on safeguarding patient data.

The data breach has not yet been published on the Department of Health and Human Services’ Office for Civil Rights’ breach portal, so it is unclear how many patients have been impacted.

This is the second data breach of this nature to be made public in recent days. The New York Fire Department also reported a breach involving the loss of a portable electronic device that held the ePHI of patients of almost 10,000 EMS patients.

These incidents show, once again, the importance of using encryption on all portable electronic devices used to save ePHI for any company or organization. Should a device be lost or stolen, ePHI cannot be seen or impacted by anyone.

Author: Security News