Hundreds of BMC patients' info found on vendor's thumb drives
PITTSFIELD - Personal information on hundreds of Berkshire Medical Center cardiology patients have been found on thumb drives recovered from a former employee of an outside service vendor, the hospital reported on Wednesday.
There is no indication that any personal data was misused, according to the vendor, Ambucor Health Solutions of Wilmington, Del.
Due to the number of patients involved in this incident, BMC has reported the matter to the federal government.
Ambucor, which was contracted to provide remote monitoring for cardiac devices, reported to BMC that it had discovered the thumb drives, which appear to have contained the following information: patient's names; date of birth; home address; phone number; medications; ethnicity; testing data; and patient identification number. They also appear to have contained medical device information, such as the manufacturer, diagnosis, Ambucor enrollment number and enrollment date; Ambucor technician name; physician name(s) and the name and address of the practice where the patient was seen - Cardiology Services of BMC.
The thumb drive did not include Social Security numbers, insurance, Medicaid/Medicare and financial information. According to BMC,
Ambucor initially reported to the hospital that a company employee had e-mailed information about 41 BMC patients to his own personal computer. Ambucor notified each of those 41 patients about the incident and offered free credit monitoring and ID theft protection.
As the investigation continued, Ambucor discovered in September that two thumb drives recovered from its employee contained patient information involving all 1,745 BMC patients, including some of the 41 previously identified.
Ambucor is notifying all patients impacted, and is offering one year of identity protection services, and if necessary, related recovery services and $1 million identity theft insurance at no cost.
Ambucor has assured the hospital that it has taken steps to improve its security protections for patient information and reduce the possibility of any future occurrence.
Patients with questions can call BMC cardiology at 413-447-2662, or the Berkshire Health Systems Privacy Department at 413-445-9321.
Reach Business Editor Tony Dobrowolski at 413-496-6224.-
TALK TO US
If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.