About 4,000 University of Michigan Health Systems patients may have had sensitive medical data stolen.
The breach occurred Nov. 14 when hospital equipment provided by Omnicell, a UMHS vendor, was stolen from the vehicle of an Omnicell employee, the reported. The stolen information included information about patients' medication regimens and other private information but did not include credit card or Social Security information that could be used to commit identity theft or fraud.
Omnicell admitted to UMHS it had violated both its own and UMHS' procedures by storing the information on an unsecured device, the Free Press said. Affected patients are to receive letters with details of the breach in the next couple of days.
This year has been a rough one for hospital data security. In April the records of 315,000 former patients of in Atlanta were put at risk when 10 discs went missing from a storage facility. The next month, a employee lost a laptop containing almost 2,200 patient records. In June patients at Memorial Sloan Kettering Cancer Center in New York were informed that patient data inadvertently had been embedded in a PowerPoint presentation, publicly available on the Internet. And in September investigators discovered that University of Miami hospital staffers may have sold patient data.