For the second time in a year, the University of Texas MD Anderson Cancer Center (MD Anderson) is faced with a data breach. After a computer containing patient and research information was stolen from a physician's home was stolen in April, an unencrypted portable hard drive (a USB thumb drive) was lost by a trainee on an employee shuttle bus, the Cancer Center reported.
The USB drive contained some patient information, including patient names, dates of birth, medical record numbers and diagnoses, and treatment and research information, MD Anderson reported. It contained no patient Social Security numbers or other financial information.
The Cancer Center says it is working to encrypt all portable devices that contain information. It says it has purchased a number of encrypted USB thumb drives for distribution to our employees who handle sensitive data. The Cancer Center says it is reinforcing employee education around our privacy policies that govern the handling of patient information and the use of portable devices to transport such data.
The Center says it has begun mailing notification letters to those affected.
Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.