The device had information on patients who received home infusion services during September 2012 or who were referred to Continuum for services from August 2007 through September 2012.
The university learned on Oct. 5 that the device went missing around that date, according to statements to patients and the media. Information on the device included names, addresses, diagnoses, medications, and insurance identification numbers that included “some” Social Security numbers. No financial information was on the device.
A spokesperson says a total of 1,846 patients or potential patients were affected. The hospital declines to specify how many Social Security numbers were involved, releasing this statement to Health Data Management: "Even though we do not believe that this device has been accessed by anyone, we prefer not to publicize the number of Social Security numbers that were on the device out of an abundance of caution to help protect the patients whose information was on the device".
The hospital will pay for one year of credit monitoring services for those with compromised Social Security numbers, according to the spokesperson.