Emory Healthcare announced Wednesday that it cannot locate 10 computer discs containing personal and health information of 315,000 patients.
The missing discs held back-up data that included information on all patients who had surgery at Emory University Hospital, Emory University Midtown and The Emory Clinic Ambulatory Surgery Center between September 1990 and April 2007. The discs contained protected health information, including patient names, along with the diagnosis, the name of the surgical procedure and the surgeon. Approximately 228,000 of the patient records also included Social Security numbers.
John T. Fox, president and CEO of Emory Healthcare, said at a press conference Wednesday that the discs were not obtained through "hacking" of the Emory system. He said the computer discs were back-ups of data from an old system no longer in use. The discs had been stored in an office. Emory launched an investigation, Fox said, when an employee discovered that the discs were missing. They were removed sometime between February 7 and February 20, the investigation has determined.
Patients whose information was included on the discs are being informed of the situation via letters sent to their homes, Fox said. All of the affected patients will be provided access to free identity protection services, including credit monitoring, Fox said.
"We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information," Fox said. "While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients' information is safe."
About the Author
