A hospital in New Jersey is notifying patients of a data breach where a disk containing sensitive information went missing in June.
The unencrypted CD contained data of Medicaid patients, which was mailed out June 13 to a company that reviews payments and was expected to arrive at its destination on June 16.
When no word was received on the arrival of the disk, the hospital contacted UPS, who informed the hospital on July 22 that the package could not be located.
The CD contained patients’ names and some social security numbers from 2011. The hospital says no information regarding diagnoses and treatments were on the disk however the hospital has refused to comment on how many patients are affected but has begun contacting people via letter.
Patients whowere informed:
“Included on this CD was your name and social security number. The CD may have also included the following information about you: date of birth, the internal Medical Center medical record number, gender”
Data relating to number of visits to the hospital may have been included as well.
“Patients are being told to monitor their credit reports and financial accounts,” reports NJ.com
UPS says it has no reason to be believe that the data has fallen into malicious hands but has not provided any more comment on how the package went missing.
Jersey City Medical Center has not said why data was mailed unencrypted or why encryption tools have not been implemented. In its letter, the hospital adds: “Technological measures and retraining are also being implemented to minimize the chance of other such incidents.”