Flash drive misuse creates a breach for Greenville Health
Approximately 2,500 cardiology patients treated at Carolina Cardiology Consultants, a practice that is part of Greenville (S.C.) Health System, will receive one year of identity protection and recovery services following a data breach.
Ambucor Health Solutions, a subsidiary of ScottCare Corp. and a business associate that offers remote monitoring of cardiac patients, learned that one of its employees inappropriately downloaded a range of demographic information that included patient names, birth dates, addresses, phone numbers, race, diagnoses, medications, patient identification numbers and physician names, among other data.
Financial and insurance information was not accessed; although one patient’s Social Security number was downloaded, the specialty practice noted.
Ambucor Health Solutions did not learn of the breach until July 2016, when police gave the vendor two flash drives “that the former employee turned over to them after his departure from the company,” according to a statement on Greenville Health’s web site.
Ambucor conducted a forensic review of the flash drives and in late September started to notify affected patients, as well as notifying Greenville Health. A spokesperson was not available for additional comment.