July 23, 2018
Bangor Latest News | Poll Questions | Trump Tape | Clean Cannabis | Thomas Hill Standpipe

EMMC waited a month to alert patients of possible data breach

Ashley L. Conti | BDN
Ashley L. Conti | BDN
The main entrance of Eastern Maine Medical Center. File photo.
By Meg Haskell, BDN Staff

More than a month after discovering that a computer hard drive is missing, Eastern Maine Medical Center is alerting hundreds of patients by mail that their personal and medical information could be in jeopardy.

The hospital has asked the FBI to help investigate the disappearance of the external hard drive, a 2-by-4 inch box that was connected to a desktop computer at the hospital’s State Street facility. Hospital officials learned of its absence on Dec. 22. It was last confirmed to be in its normal place on Dec. 19.

The missing hard drive contains information on 660 of the patients who underwent cardiac ablation between Jan. 3, 2011 and Dec. 11, 2017. Hospital spokeswoman Tricia Denham said additional patients underwent ablation during that period but had their records stored elsewhere.

Asked why it took more than month to notify the affected 660 patients, Denham said the hospital wanted to first conduct a careful search for the device. She added that EMMC then needed to figure out which patients’ information was on the device and what to advise them to do.

The 660 whose data is on the missing hard drive will receive a letter within a few days, Denham said. Those patients will be advised to take precautions to protect their identity and be offered an identity theft monitoring service free of charge for a year.

The hard drive, owned and operated by an outside vendor, contains patients’ names, dates of birth, dates of their care, medical record numbers, one-word descriptions of their medical condition and images of their ablation, according to an EMMC press release.

Social Security numbers, addresses and financial information were not stored on the device, the release said.

The vendor, which EMMC has refused to identify, notified hospital officials of the device’s disappearance.

According to EMMC, the risk of identity theft as a result of the device’s disappearance is low, but patients are being contacted out of “an abundance of caution.”

“We take our commitment to uphold our patients’ privacy very seriously and are reviewing our processes to strengthen data security,” EMMC President Donna Russell-Cook said in the release.

The hospital is telling patients whose data may have been breached that it has established a special phone line to assist them. They can call 1-855-973-8200, Monday through Friday, 8 to 3.

Follow the Bangor Daily News on Facebook for the latest Maine news.

 


Have feedback? Want to know more? Send us ideas for follow-up stories.

You may also like