2,100 Chesapeake Regional Healthcare Patients PHI Breached in Hard Drives Theft

by | Apr 11, 2018

Chesapeake Regional Healthcare has found that two hard drives storing the protected health information (PHI) of around 2,100 patients ave gone missing from the Chesapeake Regional Medical Center campus located in Chesapeake, Virginia.

The data saved on the devices relates to people who took part in studies at its Sleep Center between April 2015 and February 2018.

It is currently unclear the exact time that hard drives went missing. Chesapeake Regional Healthcare found that the devices were missing on February 6, 2018. An internal review was begun, and a full search of the facility was completed, but the devices could not be found. The missing hard drives have been reported as lost/stolen to law enforcement agencies, but Chesapeake Regional Healthcare said the chance of the devices being recovered is minimal and it does not expect the devices to be located.

The hard drives did not contain encryption. If obtained by a third party, the protected health information of patients could possibly be accessed. The types of data saved on the devices includes names, demographic information, birth dates, unique patient identifiers, details of the procedures and tests carried out at the Sleep Center, and data on medications that were prescribed. Social Security numbers, addresses, insurance information, and financial data were not held on the device.

Chesapeake Regional Healthcare is employing steps to ensure similar breaches do not happen going forward. Those steps include enhacing policies related to the security of PHI stored on portable electronic devices. It is not yet clear whether the new tactics will include data encryption.

Chesapeake Regional Healthcare is, at present, in the process of sending alerts to patients, who are being offered 12 months of free credit monitoring and identity theft protection services. Should  patients discover their health information has been used inappropriately, help will be offered to help address any harm felt.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy