Lost Back-up Disks Affect 315,000 Emory Patients
Emory Healthcare in Atlanta is notifying 315,000 patients that protected information--including Social Security numbers for about 228,000 of them--was on 10 missing back-up disks for an obsolete computer system.
The disks contained data from an information system deactivated in 2007 about patients treated between September 1990 and April 2007, according to the delivery system. The patients were treated at Emory University Hospital, Emory University Hospital Midtown (formerly Emory Crawford Long Hospital) and the Emory Clinic Ambulatory Surgery Center.
Other information on the disks included names, surgery dates, device implants, surgeon and anesthesiologist names, and diagnosis, procedure codes and/or the names of the surgical procedures.
Emory has no evidence that information on the disks has been misused. It is offering affected patients credit and identity protection services through Kroll Inc. and conducting an inventory of all physical spaces across the system to ensure proper securing of data.