More News:

August 17, 2023

Jefferson Health warns Cherry Hill hospital patients of potential data breach

A backup hard drive from a bone density scanning machine went missing in mid-June. The health system has been unable to determine whether it was lost or stolen

Investigations Data breach
Jefferson Cherry Hill Hospital GOOGLE MAPS/STREET VIEW

Jefferson Cherry Hill Hospital notified select patients this week that some of their personal data may have been compromised after a backup hard drive from a bone density scanning machine went missing.

Some patients at Jefferson Cherry Hill Hospital are being advised to keep an eye on their credit reports due to a potential data breach.

The hospital started notifying select patients this week that their private data may have been compromised after a backup hard drive went missing from a DEXA scan machine, which is used to measure bone density.

A service technician discovered the portable backup device was missing while performing routine maintenance on the machine in mid-June, according to a statement on the hospital's website. Jefferson Health said it was unable to determine if the device was lost or stolen, but opted to inform patients whose data was likely on the backup drive so they could take precautionary measures in case their information was compromised.

The backup drive contained patients' names, birthdates, medical record numbers and potentially their mailing addresses. The drive also contained data about the bone density scans, such as the date they were recorded. Other sensitive patient data, including social security numbers, phone numbers, drivers license numbers and the bone scan images, cannot be easily viewed without the right software and login credentials, Jefferson said. 

Jefferson is advising patients who may be affected to contact one of the major credit bureaus and put fraud alerts on their credit reports as a precautionary measure.

It’s not clear why it took Jefferson two months to disclose the potential data breach, but its statement referenced "a full investigation" having taken place in an effort to determine what happened to the drive. A hospital spokesperson declined to comment. 

The potential breach is a low-tech affair compared to other digital intrusions at health care facilities recently. Earlier this month, a ransomware attack targeting computer networks at Prospect Medical Holdings disrupted operations at several hospitals and health care clinics in Pennsylvania and four other states. The health care industry is an increasingly popular target for such malware attacks.