Medical Student Loses Thumb Drive


A lost flash drive has resulted in MD Anderson Cancer Center’s second major breach of unsecured protected health information in recent months.

A medical student at MD Anderson Cancer Center lost an unencrypted thumb drive on an employee shuttle. A statement by MD Anderson statement. “While we have no reason to believe that the information has been or will be accessed improperly, we are alerting our patients that the drive contained some patient information, including patient names, dates of birth, medical records numbers and diagnoses, and treatment and research information. The USB thumb drive contained no patient Social Security numbers or other financial information.”

Currently there is no requirement for 'data at rest' to be encrypted. Data at rest is any data that is stored on computer hard drives, backup disks, thumb drives or any type of media. Stage 2 of Meaningful Use will require that "Data at Rest" to be encrypted, and having data encrypted with an encryption that meets NIST specification FIPS 140-2 provides practices with enhanced protection in case of the loss of a thumb drive.

It is in the best interest of each and every medical provider to encrypt their data as early as possible and to encrypt the data at the strongest possible level. You should consult with your IT vendor about implementing encryption of your data and computers.