LOUISVILLE, Ky.—Authorities at Our Lady of Peace psychiatric hospital are warning patients that they could be at risk for fraud after a flash drive containing information on 24,600 patients went missing from the facility.
Officials believe the drive has been missing since March 31 or April 1, and it has yet to be found, according to Courier-journal.com. Information on patients admitted since 2002, such as patient names, room numbers, insurance company names and admission and discharge dates were on the drive. However, Social Security numbers, diagnoses or treatments, dates of birth, telephone numbers or addresses were not included.
Additionally, information on patients assessed since 2009 but were never admitted was also available on the missing flash drive. The drive included the patients’ names, date of assessment, date of birth and the time they left the hospital. It did not included diagnoses or treatments, Social Security numbers, telephone numbers, addresses or insurance information.
Hospital officials declined to say how or why the breach happened; however, they did say employees were receiving training on how to handle patient information and protect electronic information; using encryption devices to scramble data on software computers; and taking appropriate disciplinary action.
Affected patients received letters from the hospital, apologizing for the data breach and urging patients to contact one of three credit bureaus to place fraud alerts on their credit reports.
For additional information, click here.