Complain about a product or service

Perot Systems Walks Off With Indiana Hospital's Patient Data

By Martin H. Bosworth
ConsumerAffairs.com

October 30, 2006

Data Theft • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

It's been a while since there was a high-profile breach of Americans' personal data, but the Sisters of St. Francis, a hospital chain servicing Indiana and Illinois, wins the dubious honor of putting data theft back on the front page.

St. Francis reported that an employee of Perot Systems, a contractor that was aiding the hospital with its medical billing records, walked off with three compact discs (CDs) containing the personal and medical billing information on 260,000 patients.

The unidentified employee then exchanged the bag for another one, but left the CDs inside.

According to hospital officials, the original bag containing the CDs was returned to the hospital, and they were "confident the data was not accessed."

The data mishap took place on July 28 of this year, but affected patients were not notified until Oct.9.

Lisa Decker, director of public relations for Greater Lafayette Health Services, which oversees St. Francis, told reporters this was due to "intensive investigation" of what may have happened to the CDs between the time of their loss and subsequent recovery.

Perot Systems, an information technology company based in Plano, TX, was founded by eccentric millionaire and former Presidential candidate H. Ross Perot.

A Growing Problem

The loss or theft of medical data is one of the most pervasive forms of data breaches consumers have to fear. As hospitals and medical providers move closer to implementing completely electronic storage of personal information, tales continue to surface of missing thumb drives, stolen laptops, and breaches of networks containing patients' medical data.

In December 2005, a laptop containing information on 365,000 patients of the Pacific Northwest's Providence Health Care system was stolen from an employee's van. The theft was not disclosed until January 25, and was not made public until February 2.

Health insurance provider Aetna lost a laptop containing data on 38,000 clients in May of 2006. The clients were companies that bought group insurance policies for their employees, none of whom wished to be identified.

And in August, Compass Health disclosed the theft of a laptop containing an unspecified amount of data on patients of the health provider since October of 2005. The laptop itself had gone missing in July 2006, but the theft went unpublicized for a month.

Aside from data thefts, health privacy law has so many loopholes and shortfalls that the legal sale of patients' health care records is accelerating at a breakneck pace.

As Congress and the Bush administration continue to push for a nationwide standard for electronic sharing of health information, medical privacy breaches may soon become the rule, not the exception.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |