Unsecure Flash Drives Create Potential For Data Breaches

Flash drives and hard drives contain an enormous amount of electronic Protected Health Information (ePHI). Many offices have flash drives and hard drives stored in unsecured locations creating the potential for a costly data breach.

By: Sara Heath, HealthITSecurity.com.

Health data breaches due to misplaced flash drives seem to be a rising trend recently, as Lawrence General Hospital is yet another healthcare organization to report an incident. On August 7, the hospital put out a press release outlining the details of the data breach.

The flash drive was reported as missing on June 9, and Lawrence General immediately began a thorough investigation, according to the statement. Lawrence General determined that the flash drive was last used in a hospital lab on June 6, and contained very limited patient information. The information on the flash drive included lab testing information such as patient names, lab testing codes, and slide identification numbers.

The hospital maintains that no Social Security numbers, dates of birth, or clinical and financial information have been compromised. The press release does not indicate how many individuals may have been affected.

Although Lawrence General Hospital maintains that this security breach is very limited in scope and that there is no reason to believe that the information has been misused, it is still working to minimize the scope of the situation. August 7 the hospital began mailing data breach notification letters to affected individuals. In addition, it is reeducating staff members and ensuring they understand how to properly handle patient data.

Lawrence General Hospital expressed regret that the incident occurred, and emphasized its ongoing commitment to health data security and patient privacy.

“We at Lawrence General Hospital value the importance of protecting the privacy and confidentiality of our patients, employees and others who entrust us with their personal information,” the hospital wrote in its press release.

As previously mentioned, throughout the past few months, health data breaches due to misplaced flash drives or external hard drives have been increasing.

In July, OhioHealth reported a similar data breach. After discovering that a flash drive had gone missing on May 29, the healthcare provider conducted a thorough investigation of the data breach. In total, approximately 1,006 patients’ data became vulnerable, and about 30 Social Security numbers compromised. OhioHealth apologized for the breach, and reinforced its commitment to patient information security.

“OhioHealth is deeply committed to the sacred trust that we hold in providing quality care to our patients and families, including as it relates to the protection of their confidentiality,” OhioHealth said in a statement. “We sincerely apologize and regret that this incident has occurred.”

Health data breaches due to missing storage devices have also occurred on larger scales. In South Carolina, a safe containing two flash drives and two hard drives was reported missing. The information on the devices pertained to EMS patients between 2004 and 2014. The missing drives included Social Security numbers, patient names and addresses, and clinical information. It was not indicated how many individuals were affected.

As breaches of this nature continue to occur, it is important that healthcare providers continue to emphasize to employees the importance of health data security, and reeducate them in how to properly handle devices storing sensitive patient information.