NOTICE: To protect the health and safety of the public and our employees, DCP employees will no longer be at 450 Columbus Blvd. Please do not send mail. We recommend using our online services, or sending an email to the appropriate division/person instead. Phone lines will have limited support, and voicemails will be returned when possible. We apologize for any inconvenience.

Press Releases

04/06/2011

Patients of Midstate Medical Center Cautioned About Data Breach

 April 6, 2011                                                                                                          For Immediate Release
 
HARTFORD – Attorney General George Jepsen and Consumer Protection Commissioner William M. Rubenstein are asking Hartford Healthcare and its Midstate Medical Center affiliate in Meriden for more information about a data breach that may have compromised medical records of 93,500 patients.
 
The hospital notified the Attorney General that a hard drive containing protected health information and personal information was taken home by an employee of Hartford Healthcare and subsequently lost.
 
The hard drive contained patient names, addresses, dates of birth, Social Security numbers and medical record numbers.
           
“I strongly believe in protecting the confidentiality of patients’ private information. Hospitals, like health insurance companies, have access to very sensitive health and personal information. They have a duty to protect that information from unlawful disclosure,” Attorney General Jepsen said.
In a letter to the hospitals’ attorney, Jepsen asked that affected patients be provided with two years of credit monitoring services, identity theft insurance, and reimbursement for the costs associated with placing and lifting security freezes. “When protected information is lost or otherwise disclosed, the hospitals have a responsibility to help protect the identities of the individuals affected,” Jepsen said.
 
Jepsen and Commissioner Rubenstein are seeking more information about the hospitals’ policies and practices to protect patient information, how the breach occurred and what is being done to keep it from happening again.
 
“Connecticut law requires companies and organizations that collect and hold personal data to have stringent controls in place to protect that data,” Rubenstein said. “Ensuring that companies comply with the law before consumers get hurt is always more effective than trying to protect consumers after a breach. We will assess the hospitals’ security protocols to assure that a system is in place to prevent this kind of breach from happening again.”
Assistant Attorney General Matthew Fitzsimmons is handling this matter for Jepsen.


###

CONTACT: Susan E. Kinsman, Attorney General; susan.kinsman@ct.gov; 860-808-5324; 860-478-9581 (cell)

Claudette Carveth, Department of Consumer Protection; claudette.carveth@ct.gov; 860-713-6022

Twitter: DCP on Twitter
Facebook: DCP on Facebook