A missing flash drive has prompted Columbus-based OhioHealth to notify patients of a potential data breach.
The health system discovered the unencrypted flash drive was missing May 29, 2015. The device has not yet been recovered, but OhioHealth said in the notice that it has no reason to believe the flash drive was stolen or inappropriately used. The flash drive was last used on an OhioHealth computer in a non-public area on April 14, and the health system believes it was likely misplaced by an employee.
The flash drive contained information including patient names, medical record numbers, names of insurance companies, physician names, addresses, birth dates, referral and treatment dates, type of procedure and some clinical information and Social Security numbers.
Affected patients include those who were candidates for valve replacements or who participated in research projects related to valve replacements at Riverside Methodist Hospital between July 2010 and December 2014.
According to The Columbus Dispatch, the flash drive contained information on 1,006 patients.
Additionally, OhioHealth told The Columbus Dispatch it will shift to encrypted flash drives at its hospitals in central Ohio within 45 days.
More articles on data breaches:
Planned Parenthood website hacked by antiabortion group
Criminal fraud data breach affects 5,300 Healthfirst members
Meritus Health reports data breach due to inappropriate vendor access