Lost hard drive at Massachusetts group practice results in breach

Register now

Charles River Medical Associates, a part of Partners Healthcare System with 75 multispecialty providers serving 15 sites in the Boston area, last November discovered that an unencrypted portable hard drive was missing.

As a result of the loss of the hard drive, the organization sent a data breach notification to 9,387 individuals.

The hard drive was used to perform monthly backups of the Bone Density Testing workstation. “After conducting an extensive investigation, CRMA could not locate the hard drive,” the organization said. “Without being able to find the hard drive, CRMA cannot determine whether the information stored on the hard drive has been compromised.”

Patient data at risk includes names, dates of birth, patient identification numbers and radiology images.

Addresses, phone numbers, credit card numbers, insurance information, financial information and Social Security numbers were not among the compromised information.

Also See: Do you know where your hard drives are?

Charles River now is auditing all hardware and software systems to assess the need to increase security and limit use of removable storage devices, while also reinforcing privacy and security expectations via additional staff training, the organization reported in a public notice.

The organization is advising affected individuals to monitor their credit reports and get credit reports from credit services firms Experian, TransUnion and Equifax. Individuals finding suspicious activity in their credit accounts are asked to contact Charles River and local law enforcement.

The breach notification letter to patients did not include an offer of credit monitoring and identity theft protection services as information on the hard drive is publicly available and poses a very low risk of financial fraud, according to a Partners spokesperson.

For reprint and licensing requests for this article, click here.