For IMMEDIATE RELEASE
Date: May 5, 2017
THEFT OF EXTERNAL HARD DRIVE WITH PATIENT INFORMATION
New Orleans, LA – Theft of an external hard drive from an LSU Health New Orleans office containing patient information of approximately 2,200 patients recently occurred. The theft occurred in the Department of Neurology Research on or around March 6, 2017. Law enforcement was notified immediately, and a suspect was arrested. The hard drive, which contained patient lists for research studies, has not been recovered.
LSU Healthcare Network has identified the patients whose information was on the hard drive by reconstructing files from the researcher’s desktop computer. This patient information included names, dates of birth, and diagnosis and treatment codes but did not include Social Security numbers, credit card or bank account information, or other patient health data.
LSU Healthcare Network is directly notifying the individuals whose information was on the hard drive. Patients of Drs. Olejiniczak, Bagert, Tender, Guiterrez, Fisch and Mader from 1998 to 2009 who do not receive a notification letter are asked to call toll free 1-844-557-2564 or email firstname.lastname@example.org to learn whether any of their information was on the missing hard drive. Although LSU Healthcare Network is not aware of any unauthorized access to the data or any other misuse of the data, patients of these physicians are encouraged to visit the website www.identitytheft.gov, which provides a step-by-step process to protect against, respond to, and recover from any identity theft, if it occurs.
LSU Healthcare Network policy requires users of its IT system to take reasonable care to prevent unauthorized disclosure of protected health information, including requiring users to use encrypted mobile devices. This policy was not adhered to in this instance, and appropriate remedial action will be taken. In addition, LSU Healthcare Network is updating its information security policies and procedures to further reduce the risk of a future breach. These improvements will be included in the information security training that all employees and students are required to complete.
LSU Healthcare Network regrets any inconvenience this incident may have caused. To mitigate any potential consequences of the loss of the hard drive, LSU Healthcare Network is offering a one year subscription to a credit monitoring service to affected patients. Individuals who wish to take advantage of this service or would like additional information should call 504-412-1565. Patients outside the 504 area code should call 1-844-557-2564. Questions and requests may also be sent via email to email@example.com.