315,000 patient files have disappeared from Emory Healthcare, an Atlanta-based healthcare company. The files contained 17 years worth of private data on all patients who had a surgical procedure done at Emory University Hospital, Emory University Hospital Midtown, and The Emory Clinic Ambulatory Surgery Center between 1990 and 2007. Besides protected health information, the discs also contained around 228,000 patients’ Social Security numbers.
According to John T. Fox, CEO of Emory Healthcare, the files were not obtained through hacking. An employee discovered that the backup files were missing from an office cabinet where they were no longer in use. Whether they were stolen or misplaced is yet to be known, but there is no evidence that the files have been misused.
Fox apologised on behalf of Emory Healthcare and said the company will be sending letters to affected individuals whilst also offering free identity protection services. It is estimated that the breach will cost Emory Healthcare as much as $2m.