Norfolk, Va. – Two portable hard drives were taken from two electrophysiology labs from Sentara Heart Hospital during the weekend of August 14.
Someone stole the machines from an area of the hospital that is usually restricted to staff and patients.
It is believed that the hard drives were taken for street value rather than releasing patient information to commit identity theft or fraud.
Information from 1,040 patients who underwent electrophysiology procedures between September 4 to August 14 at Sentara Heart Hospital was on the hard drives.
The information released was limited to name, date of birth, a unique patient identification number created by Sentara, and notes from doctors about the procedures.
The risk management team and the Sentara system privacy manager conducted an internal investigation that included interviews with people who were working in the electrophysiology labs that weekend. The investigation was closed on September 29.
“Portable hard drives are now secured in a locked drawer at all times, connected by cable to the laptops being used,” a communications advisor for Sentara said. “Only management personnel have keys. Additional security improvements are planned to further limit access to the clinical area affected.”
Sentara sent the following letter to patients affected by the incident:
As part of the Sentara Commitments to you, our patient, we strive to protect the confidentiality of your personal information. Regrettably, we are writing to inform you of an incident involving that information.
On August 20, 2015, Sentara first learned that two unencrypted hard drives were missing from two Electrophysiology labs located within Sentara Heart Hospital in Norfolk Virginia. We immediately began our own internal investigation.
The information on the hard drives contained backups of electronic notes taken during procedures performed in those two rooms. The information included your name, unique medical record number, date of birth, procedure date, diagnosis, procedure, surgeon and staff names, allergies, notes and medications that relate only to the procedure performed. The hard drives did not include your social security number, or billing information.
We assure you that we are committed to the security of your personal information and are taking this matter very seriously. To help prevent this from happening in the future, we are reevaluating the access to these lab rooms and working to ensure the backup drives will be protected.
If you have any questions, or you need further assistance, you may contact 1-844-322-8235, between the hours of 8 am to 6 pm Eastern time. Please refer to incident number COE151471.
Chief Compliance Officer
Chief Privacy Officer