Duke University Health System on Friday disclosed a privacy breach affecting patients of Duke Children’s Health Center and Lenox Baker Children’s Hospital.
On July 1, the hospital system announced, someone stole an unencrypted thumb drive containing information about patients, along with several other items, from an administrative office. A spokeswoman on Friday evening said she did not know how many people were affected.
The theft included information about certain patients who visited Duke Children’s Health Center and Lenox Baker Children’s Hospital between December 2013 and June 2014.
An internal investigation found that the drive contained spreadsheets with patients’ names, medical-record numbers, their physician’s names and, in some cases, the names of some of the Duke medical facilities they’d visited.
The spreadsheets didn’t include “social security numbers, clinical information or financial information,” according to the hospital system. Police have not found the drive, but hospital officials “have no reason to believe” the information “has been used in any way,” a written release stated.
Hospital officials began sending out notices to affected patients Friday, and have established a hotline for patients’ questions at 866-819-2163.
The hospital system encourages people who may have been affected to call the number if they do not receive written notice of the incident by Sept. 19. The line is open on weekdays between 9 a.m. and 9 p.m.
Hospital officials expressed “deep regret” about any inconveniences the incident caused, and promised to enhance encryption processes and training for staff.