CareMeridian, which operates subacute care facilities in California, Arizona, Nevada and Colorado, mailed letters to 1,922 individuals after it discovered an unencrypted disk sent by a third-party associate had been lost in the mail, CareMeridian spokesperson Dwight Robson told Becker's Hospital Review.
The lost disk contained patients' names and limited medical information, as well as the Social Security numbers of 19 individuals. However, the organization does not have any indication of actual or attempted misuse of the information.
Mr. Robson emphasized the disk contained financial documents related to revenue testing, so for the vast majority of individuals affected, the documents only identified them as CareMeridian patients.
"CareMeridian takes seriously its responsibility to safeguard the confidentiality, privacy and security of information in our custody. We have security measures in place and are taking additional steps to enhance data security going forward. We regret that any information was put at risk," the organization wrote in a press release.
More articles on cybersecurity:
Google exploring a blockchain solution for its cloud
UK surgeon believes hackers used his computer to lead warplanes to Syrian hospital
1 February data breach took 4 years to discover: 7 statistics on last month's data breaches