A Colorado health department surveyor lost an external drive with copies of patient records from Cedar Springs Hospital.
Three details:
1. The Colorado health department requested Cedar Springs Hospital provide a copy of multiple records on an external device in October and the Colorado Springs-based hospital complied.
2. On Oct. 28, Cedar Springs Hospital learned the device provided was not encrypted, contrary to the state health department's policy, and the surveyor had misplaced it.
3. The hospital identified names, addresses, birth dates and Social Security numbers contained on the misplaced device. There was also medical information such as treatment history and diagnoses on the device.
More articles on cybersecurity:
Presbyterian Health Plan misdirected mailing incident exposes 3,500+ individuals' info
UVM Health cyberattack losses to exceed $63M: 5 details
Fired physician still had access to Illinois nursing center's EHR, potentially exposing 1,000+ individuals' info