PHI of 660 Patients Exposed Due to Missing Device

by | Feb 3, 2018

660 patients of Eastern Maine Medical Center are being notified that some of their protected health information may have been been exposed after a ortable hard drive, that stored sensitive information, has gone missing from its State Street facility, in Bangor, ME.

The device in question lacked encryption and data on the device could be obtained without the need for a password. It has not been confirmed that the device definitely was stolen, but it (the device) could not be found during a search of its facility. The drive was last seen in its normalplace on December 19, 2017 and was discovered that it was missing on December 22.

This device belonged to a business associate of Eastern Maine Medical Center and stored limited patient data. No Social Security numbers, financial information, or health insurance particulars were present on the device, only full names, birth dates, dates of service, medical record details, one-word condition descriptors, and procedural pictures.

The patients affected by the breach had attended the medical center for cardiac ablation procedures between January 3, 2011 and December 11, 2017. Not all patients who attended the medical center for those procedures were impacted. Some patients had their data stored in other places.

The possible theft has been made known to law enforcement and investigations into the circumstances regarding the loss/theft of the hard drive are ongoing. A comprehensive search of the facility was completed although the device has now been officially classified as lost and patients are now being made aware the breach by mail.

The slowness in issuing breach notification letters was due to the time needed to search the facility and find out which patients’ PHI was saved on the device.

Despite the fact that  the types of data needed to commit identity theft were not exposed, all patients affected by the incident have been offered free identity theft monitoring and protection services for one year out of “an abundance of caution”.

President of Eastern Maine Medical Center Donna Russell-Cook commented “We take our commitment to uphold our patients’ privacy very seriously and are reviewing our processes to strengthen data security.”

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy