The healthcare world continues to be plagued by data breaches. Two providers, Indiana University Health Arnett, Inc. in Lafayette, Ind. and the Regional Medical Center in Memphis, Tenn., both announced incidents, separately, this past week.
At Indiana University Health Arnett, a hospital attached to the university’s health system, an employee’s password-protected unencrypted laptop was stolen from the employee’s car the day before. The laptop included patient names, dates of birth, physicians’ names, medical record numbers, diagnoses, and dates of service. An undisclosed amount of patients were affected by the breach. Arnett has begun contacting the affected patients.
At Regional Medical Center, an academic medical center, leaders announced they discovered that three emails sent out on ranging from October to February of this year included the personal information of some outpatient physical therapy patients. The information included the patient's names, account number, date of birth, social security number, home phone number, and type/reason for physical therapy services.
These two incidents came the same week that North Carolina-based Raleigh Orthopedic Clinic announced a breach of their own. In that one, the clinic may have given X-ray films of 17,300 patients to a third-party vendor, which sold the films to an Ohio-based recycling company that harvested the silver from the X-rays.