Storage unit went missing from locked server room

Apr 17, 2015 14:55 GMT  ·  By

Personally identifying information belonging to patients of American Sleep Medicine involved in sleep studies carried out in 2012 has been exposed after a hard drive was stolen from a server room.

The association noticed that the storage device was missing on March 3 and its last known whereabouts was a locked server room, where only authorized personnel had access.

No SSNs or driver's license numbers exposed

Jim Evanger, President of the California branch (on Murphy Canyon Road in San Diego) of the organization, and Tina Kassis, Chief Compliance Officer, disclosed the incident in a letter to impacted individuals, whose number is estimated to be greater than 500.

The personal data available on the hard drive included names, dates of birth, referring doctor, interpreting doctor, medical history, and the results of the sleep experiment.

The letter informs that social security numbers, driver’s numbers or financial information was not present on the drive.

Given that the room was under lock and key, the event raises suspicion that the perpetrator may have been an employee. It is unclear if the storage unit was a removable one. A different possibility is that the unit was simply misplaced, although the premises have been searched.

Health insurance benefit statements should be checked

However, the institute dedicated to diagnosing and treating sleep disorders took some measures to avoid similar incidents in the future.

“Please know that we are taking all necessary steps to prevent a similar incident from occurring again. This includes removing and destroying all remaining external hard drives moving forward,” the letter reads.

The organization does not see any indication that the data on the lost hard drive was used for nefarious purposes.

As a precaution, individuals whose data may be exposed are recommended to review the explanation of benefit statements received from the health insurance carrier to make sure that a third party does not profit from medical advantages.

Additionally, even if financial information has not been compromised, it is advisable to check credit reports and bank account statements for any suspicious activities.