Five details:
1. One of the health system’s third-party vendors misplaced a CD used to perform software updates on June 12. The health system conducted an investigation and searched for the CDs in the hospital, but was unable to find them.
2. The health system determined the CDs included patient information and were not password-protected.
3. The CDs contained patient names, birth dates, medical record or patient account numbers, service dates and lab results.
4. There were 4,938 individuals affected by the breach, according to HHS.
5. The health system changed its policy to require all backup information be stored in a secure location on the hospital’s network. It also aims to eliminate the use of CDs for performing backup services.
More articles on cybersecurity:
Scammers posing as Spectrum Health employees are calling patients to steal their PHI, health system warns
Advocate Aurora reports breach after paper records left at former hospital: 3 details
The future of health data privacy: 6 things to know
