Local News

Patient info stolen from Duke Health office

Posted August 29, 2014

— Duke University Health System officials said Friday that a thumb drive containing patient information was stolen from an administrative office last month.

The unencrypted device contained spreadsheets that included patients’ names, medical record numbers, physicians’ names and, in some instances, the names of certain Duke University Hospital locations visited, officials said. No Social Security numbers, clinical information, financial information or medical records were on the device, they said.

The patients whose information was compromised were treated in the Duke Children’s Health Center and Lenox Baker Children’s Hospital from last December until June.

The thumb drive was stolen on July 1, but police have been unable to recover it, officials said. It was unclear why Duke waited until Friday to notify patients.

"We have no reason to believe that the information on the thumb drive has been used in any way," officials said in a statement on the Duke Health website.

The health system set up a dedicated call center to answer questions from affected patients. People can call 866-819-2163 toll-free between 9 a.m. and 9 p.m. weekdays.

"We deeply regret any inconvenience this may cause our patients," officials said in the statement. "To help prevent something like this from happening in the future, we are enhancing our encryption processes and re-enforcing staff education on the use of encryption and the importance of handling patient information securely."


This story is closed for comments.

Oldest First
View all
  • heelsgirl05 Aug 29, 2014

    View quoted thread

    My thoughts exactly

  • Lorna Schuler Aug 29, 2014
    user avatar

    View quoted thread

    No health system is exactly what people tend to believe it is. No place is perfect due to the fact that as with everything, humans are involved and humans are not perfect. Yes, I know some think that there should be perfection in some areas of life, it just isn't the case.

    I could say negative things about UNC since that is where my son was when he contracted MRSA and passed away as a result.

  • 678devilish Aug 29, 2014

    What purpose would someone else's information serve the thief? I do hope he/she is caught asap.

  • gopack10 Aug 29, 2014

    I used to work as a nurse at Duke....that health system is not what people tend to believe it is.

  • Mike Watson Aug 29, 2014
    user avatar

    RandomGuy, it was on it likely because a Duke employee wasn't following Duke rules. There are regulations that forbid storage or transport of patient information on unencrypted media.

  • Steve Faulkner Aug 29, 2014
    user avatar

    1. WHY was this data on a USB Drive??
    2. If there is any LEGIT reason for the data to be on a USB drive, WHY was it NOT encrypted??

  • Jerry Sawyer Aug 29, 2014
    user avatar

    They have "no reason to believe any information was used". How in the world would they know that?