Patients of a medical facility are being notified of a potential compromise in information security, due to a staff member mishandling sensitive information.
Penn State Hershey Medical Centre in the US notified 1,800 patients that their information could be at risk, as an employee had been working with data from home. In this time, the lab technician was operating outside of the secure medical centre system.
Information included names, medical record numbers, names of lab tests and visit dates.
The centre learned of the probable breach on April 11 2014, discovering the employee had been entering data into a test log from a home computer from August 1 2013 until March 26. In addition, information was being transported via flash drive and personal email addresses to and from the workplace.
"Results of an extensive internal investigation give no indication that any unauthorised person actually viewed or accessed this protected health information as a result of the employee's activity," a release from the medical centre stated.
In any business environment that deals with sensitive information – especially when related to employees – data security needs to be the primary consideration. A detailed security audit can often identify whether or not employees handling secure information incorrectly.
Carried out frequently, audits can ensure constant data security.