315,000 patient files have disappeared from Emory Healthcare, an Atlanta-based healthcare company. The files contained 17 years' worth of private data on all patients who had a surgical procedure done at Emory University Hospital, Emory University Hospital Midtown, and The Emory Clinic Ambulatory Surgery Center between 1990 and 2007. Besides protected health information, the discs also contained around 228,000 patients’ Social Security numbers.
According to John T. Fox, CEO of Emory Healthcare, the files were not obtained through hacking. An employee discovered that the backup files, which were no longer in use, were missing from an office cabinet. Whether they were stolen or misplaced is not yet known, but there is no evidence that the files have been misused.
Fox apologised on behalf of Emory Healthcare and said the company will be sending letters to affected individuals whilst also offering free identity protection services. It is estimated that the breach will cost Emory Healthcare as much as $2m.


The Information Commissioner’s Office (ICO) has proposed a fine of £375k, its largest so far, for a patient privacy breach at Brighton and Sussex University Hospitals NHS Trust. The incident occurred when hard drives containing patient data were sold on eBay by the registered contractor hired to destroy them. The hard drives have been safely recovered but the breach could mean major consequences for the Trust.
TRICARE, the insurer for the US military health system, is facing a whopping $4.6 billion lawsuit after back-up tapes containing patient data were stolen from a car. The tapes are said to contain personal details such as names, addresses, phone numbers, Social Security numbers, clinical notes and prescriptions of individuals who were treated at San Antonio military facilities over the last two decades. The suit seeks $1,000 in damages for each of 4.9 million affected individuals. 