30,000 patients of Indiana University Health’s Arnett Hospital Compromised

Almost 30,000 patients of Indiana University Health’s Arnett Hospital were informed of a potential compromise of their Protected Health Information after an unencrypted flash drive went missing from its emergency department on November 20, 2015. The flash drive was lost in a publically inaccessible part of the hospital so officials do not believe patient data was viewed by a third party. Data breach notification letters were sent to the concerned patients in January to notify them of the potential compromise. While the flash drive did not contain social security numbers or other financial information, it did include spreadsheets of patient names, medical record numbers, birthdates, and medical diagnoses.

As this surprisingly warm winter continues, more and more of us are finding ourselves at the doctor’s office with a cold or other symptoms of being sick. As we fill out patient forms and write down our personal information, we must start asking ourselves, who’s seeing this and how is it being managed? While nurses and doctor office personnel are trained to handle our data with care, we know that mistakes happen.

My dermatologist took a photo of my forehead on an iPad yesterday and all I could think was, is that thing secured? Where is that photo going? Who’s going to see it? While I may be asking those questions because of my profession, I wonder how many of us are not! I guess what I’m trying to say is, I’m a little tired of receiving my “free” identity monitoring service codes because of security unconsciousness.  Aren’t you guys?