Indiana University Health Arnett Hospital in Lafayette is notifying patients the system became aware Nov. 20 that an unencrypted flash drive was missing from its emergency department.
"We immediately began an investigation and determined that the device contained spreadsheets with limited patient information from emergency department visits that occurred between Nov. 1, 2014 and Nov. 20, 2015," the notice reads. "The spreadsheets may have included patients' names, dates of birth, ages, home telephone numbers, medical record numbers, dates of service, diagnoses and treating physicians."
IU Health says the spreadsheets didn't include financial information, medical records or Social Security numbers. The system does not suspect the information on the device has been improperly accessed or used and is taking steps to improve the security and protection of portable storage devices by reviewing current policies and procedures.
More articles on data breaches:
OCR expected to increas HIPAA audits in 2016
25 things to know about the state of health IT
5 biggest healthcare data breaches of 2015