Emory Healthcare says 315,000 patient records missing, data compromisedReprints
ATLANTA—Emory Healthcare announced this week that backup disks containing approximately 315,000 patient records had gone missing from a storage location at Emory University Hospital.
In a statement released Thursday, the Atlanta-based health care system said there had not been any attempt to breach Emory's digital files. The missing records pertain to surgical patients treated at three Emory Healthcare facilities, including the main and midtown Emory University Hospitals and the Emory University Hospital Midtown in Atlanta, between 1991 and 2007.
The records went missing in early or mid-February, according to an internal investigation, Emory said.
Emory Healthcare said affected patients would be given access to identity protection and credit monitoring provided by New York-based Kroll Inc.
About 228,000 of the compromised records included Social Security numbers, Emory said in its statement. Patient names, dates of surgery, diagnoses, surgical procedures, device implant information and surgeon names also were likely contained in the records, Emory said.
“We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information,” John T. Fox, president and CEO of Emory Healthcare, said in the organization’s statement. “While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients’ information is safe.”
“We are moving forward expeditiously with providing all affected patients, at our cost, access to identity protection services, including credit monitoring,” Mr. Fox added.
Emory began notifying affected patients of the missing records on April 17 via letters to their homes.