The University of Alabama at Birmingham mailed letters to 652 patients notifying them of an incident at its Viral Hepatitis Clinic which may have exposed their protected health information, the hospital told Becker's Hospital Review.
On October 25, two USBs used to transfer electronic information to a computer form a Fibroscan machine that evaluates liver disease went missing. The hospital cannot determine whether the data on the USBs has been accessed or viewed by a third party.
Patient first and last names, birthdate, gender, diagnosis, date and time of the examination, numbers and images associated with the test results and — in some cases — the name of the referring physician were contained on the USBs. No addresses, phone numbers, Social Security numbers or any financial information were included.
"We care deeply for our patients' wellbeing and their quality of life,"the letter sent to affect individuals read. "UAB Medicine takes the protection of our patients’ PHI very seriously and sincerely regrets this possible exposure. We conducted an extensive search for the USB sticks and continue to investigate the incident. We have implemented measures to prevent a similar breach in the future and will continue to evaluate our operations."
The hospital said the risk of any potential harm is low because of the limited data involved. However, officials have provided affected individuals one year of free credit monitoring and reporting services.
More articles on cybersecurity:
Lawmakers introduce stronger data breach notification law