The Medical Center at Bowling Green (KY) is notifying 5,418 patients of a breach of personal health information after the theft of a computer hard drive from the hospital's mammography unit. The hard drive contained data on patients who underwent bone density testing at The Medical Center between 1997 and 2009.
"We have no reason at this point to believe the device was stolen for the information on it or that any personal information has been released or used," the hospital said in a statement posted on its Web site.
The personal information on the hard drive was not encrypted, the hospital said.
The Medical Center staff discovered the theft on April 1, launched an internal investigation, and reported the theft to local police. Information in the hard drive includes each patient's full name, date of birth, address, medical record number, and physician name. Some patients' records also include Social Security numbers, weight, height, and menopause age.
"As a result of this breach, steps are underway to further strengthen the security of patient information," the hospital statement read. "We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was stolen. Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing non-encrypted data."
The hospital is urging affected patients to monitor accounts and bank statements each month and check credit reports on a regular basis, and has notified the Department of Health and Human Services about the breach.