On Wednesday, Emory Healthcare -- an Atlanta-based health care system -- announced that it cannot locate 10 computer discs containing personal data on 315,000 patients, the Atlanta Journal-Constitution reports (Teegardin, Atlanta Journal-Constitution, 4/18).
Details on the Breach
John Fox -- Emory Healthcare president and CEO -- said the discs went missing from storage between Feb. 7 and Feb. 20 (Karkaria, Atlanta Business Chronicle, 4/18).
The 10 missing discs contained information on all patients who received surgery at the Emory Clinic Ambulatory Surgery Center, Emory University Hospital or Emory University Midtown between September 1990 and April 2007.
Data stored on the discs included patients':
- Names;
- Diagnoses;
- Surgeons; and
- Surgical procedures (Atlanta Journal-Constitution, 4/18).
In addition, about 228,000 of the missing records included Social Security numbers, Emory Healthcare said.
Response From Emory Healthcare
On Tuesday, the health care system began notifying affected patients about the breach.
Fox said, "We are moving forward expeditiously with providing all affected patients, at our cost, access to identity protection services, including credit monitoring" (Conn, Modern Healthcare, 4/18).
Emory Healthcare said there is no evidence that the missing personal information has been misused (Atlanta Business Chronicle, 4/18).