Reproductive Medicine Center doctor loses patient data on flash drive
Technorati Tag: Security Breach
Date Reported:
1/30/08
Organization:
University of Minnesota Physicians
Contractor/Consultant/Branch:
Reproductive Medicine Center
Victims:
Patients
Number Affected:
3,100
Types of Data:
Patient information including details of infertility treatments
Breach Description:
A doctor with the University of Minnesota Physicians, Reproductive Medicine Center lost a flash drive containing sensitive personal information belonging to patients. He was using the flash drive to back-up his data.
Reference URL:
WCCO Channel 4 news
AOL Video
Report Credit:
Esme Murphy, WCCO
Response:
From the online sources cited above:
Dr. Theodore Nagel, a doctor at the fertility clinic, lost a flash drive that he used to back up his computer. The drive holds details of infertility treatments for 3,100 patients going back to 1999.
The physician who is affected is absolutely mortified and we are also very concerned," said Dr. Bobbi Daniels, U of M Physicians Medical Director.
University of Minnesota regulations require doctors to encode information on flash drives. Nagel did not do that on his flash drive nor did he use a password.
[Evan] It's nice to see that the University of Minnesota has requirements for how information on flash drives must be stored. It stinks that Dr. Nagel did not follow the requirements. I wonder if he was aware.
"I think this would be the hardest for people that are currently undergoing fertility treatments," said Amy Anderson, a former infertility patient.
"You are talking about your sexuality and just a lot of private medical issues," said Anderson.
"It is hard but once and a while accidents do happen," said Anderson.
Nagel reported the loss of the drive himself and he's written the patients a letter of apology.
[Evan] I almost feel bad for Dr. Nagel
The clinic has also set up a hot line for those affected. The lost drive did not contain any financial or social security information.
Commentary:
No financial risk to affected individuals, but huge personal privacy risk. A word or two, do NOT use flash drives as data backups. If you must, then don't go WITHOUT strong encryption (and don't write down the key/password).
Past Breaches:
Unknown
Date Reported:1/30/08
Organization:
University of Minnesota Physicians
Contractor/Consultant/Branch:
Reproductive Medicine Center
Victims:
Patients
Number Affected:
3,100
Types of Data:
Patient information including details of infertility treatments
Breach Description:
A doctor with the University of Minnesota Physicians, Reproductive Medicine Center lost a flash drive containing sensitive personal information belonging to patients. He was using the flash drive to back-up his data.
Reference URL:
WCCO Channel 4 news
AOL Video
Report Credit:
Esme Murphy, WCCO
Response:
From the online sources cited above:
Dr. Theodore Nagel, a doctor at the fertility clinic, lost a flash drive that he used to back up his computer. The drive holds details of infertility treatments for 3,100 patients going back to 1999.
The physician who is affected is absolutely mortified and we are also very concerned," said Dr. Bobbi Daniels, U of M Physicians Medical Director.
University of Minnesota regulations require doctors to encode information on flash drives. Nagel did not do that on his flash drive nor did he use a password.
[Evan] It's nice to see that the University of Minnesota has requirements for how information on flash drives must be stored. It stinks that Dr. Nagel did not follow the requirements. I wonder if he was aware.
"I think this would be the hardest for people that are currently undergoing fertility treatments," said Amy Anderson, a former infertility patient.
"You are talking about your sexuality and just a lot of private medical issues," said Anderson.
"It is hard but once and a while accidents do happen," said Anderson.
Nagel reported the loss of the drive himself and he's written the patients a letter of apology.
[Evan] I almost feel bad for Dr. Nagel
The clinic has also set up a hot line for those affected. The lost drive did not contain any financial or social security information.
Commentary:
No financial risk to affected individuals, but huge personal privacy risk. A word or two, do NOT use flash drives as data backups. If you must, then don't go WITHOUT strong encryption (and don't write down the key/password).
Past Breaches:
Unknown
Posted by Evan Francen at 2/1/2008 4:39 PM 
Categories: University of Minnesota Physicians, Lost Device
Categories: University of Minnesota Physicians, Lost Device
Posts Atom 1.0
Comments