April 6, 2011 For Immediate Release
HARTFORD – Attorney General George Jepsen and Consumer Protection Commissioner William M. Rubenstein are asking Hartford Healthcare and its Midstate Medical Center affiliate in Meriden for more information about a data breach that may have compromised medical records of 93,500 patients.
The hospital notified the Attorney General that a hard drive containing protected health information and personal information was taken home by an employee of Hartford Healthcare and subsequently lost.
The hard drive contained patient names, addresses, dates of birth, Social Security numbers and medical record numbers.
“I strongly believe in protecting the confidentiality of patients’ private information. Hospitals, like health insurance companies, have access to very sensitive health and personal information. They have a duty to protect that information from unlawful disclosure,” Attorney General Jepsen said.
“I strongly believe in protecting the confidentiality of patients’ private information. Hospitals, like health insurance companies, have access to very sensitive health and personal information. They have a duty to protect that information from unlawful disclosure,” Attorney General Jepsen said.
In a letter to the hospitals’ attorney, Jepsen asked that affected patients be provided with two years of credit monitoring services, identity theft insurance, and reimbursement for the costs associated with placing and lifting security freezes. “When protected information is lost or otherwise disclosed, the hospitals have a responsibility to help protect the identities of the individuals affected,” Jepsen said.
Jepsen and Commissioner Rubenstein are seeking more information about the hospitals’ policies and practices to protect patient information, how the breach occurred and what is being done to keep it from happening again.
“Connecticut law requires companies and organizations that collect and hold personal data to have stringent controls in place to protect that data,” Rubenstein said. “Ensuring that companies comply with the law before consumers get hurt is always more effective than trying to protect consumers after a breach. We will assess the hospitals’ security protocols to assure that a system is in place to prevent this kind of breach from happening again.”
Assistant Attorney General Matthew Fitzsimmons is handling this matter for Jepsen.
###
CONTACT: Susan E. Kinsman, Attorney General; susan.kinsman@ct.gov; 860-808-5324; 860-478-9581 (cell)
Claudette Carveth, Department of Consumer Protection; claudette.carveth@ct.gov; 860-713-6022