Yikes! Don’t you ever wonder when you throw documents into a shredder bin – do they really get shredded? This is a continuity and privacy nightmare.
Last Thanksgiving in Ohio, a man opened a public recycling bin to toss in some bottles and stumbled upon a massive trove of health records.
The bin on the north side of Springfield, about 50 miles west of Columbus, was filled with documents and films containing the names, Social Security numbers, medical information, dates of birth or other sensitive information on file for 113,000 people at Community Mercy Health Partners, which includes Springfield Regional Medical Center.
It was the fifth-largest data breach in the nation involving paper records since the government began publicly and regularly disclosing the extent of larger breaches in 2009, according to the federal Office for Civil Rights.
The man reported the breach to police, who contacted hospital security. The documents were recovered later that day, two days after a third-party vendor “inadvertently disposed” of the records.
Hospital officials have no reason to believe the information has been used inappropriately in any way, he said, but they have offered free credit monitoring and identity theft protection services to qualifying patients. The actual number of patients potentially affected was far less than the 113,000 reported by the federal government because of duplication, Lamb said.
As a result of the breach, Community Mercy no longer contracts with the vendor, he said. Big surprise!
How sure are you that your documents are properly destroyed??!?!?!