Redwood Memorial Hospital notified 1,039 patients after missing a thumb drive that contained their identifiable information.
The drive included information including first and last name; facility name and address where services were rendered; ID and medical record numbers; date of birth; gender; operator/technician name; physician name; report ID#; test indications; age; height; weight; test recording and analysis dates and times; and clinical summary of test findings.
The information had been intended to be maintained securely, however, after the incident, the hospital notified each patient via a personal letter mailed to their home address.
TPRM report: https://scoringcyber.rankiteo.com/company/redwood-memorial-hospital
"id": "red020241022",
"linkid": "redwood-memorial-hospital",
"type": "Data Leak",
"date": "11/2013",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 1039,
'industry': 'Healthcare',
'name': 'Redwood Memorial Hospital',
'type': 'Healthcare Provider'}],
'attack_vector': 'Loss of Physical Media',
'data_breach': {'number_of_records_exposed': 1039,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII), Medical '
'Information'},
'description': 'Redwood Memorial Hospital notified 1,039 patients after '
'missing a thumb drive that contained their identifiable '
'information.',
'impact': {'data_compromised': ['First and last name',
'Facility name and address where services '
'were rendered',
'ID and medical record numbers',
'Date of birth',
'Gender',
'Operator/technician name',
'Physician name',
'Report ID#',
'Test indications',
'Age',
'Height',
'Weight',
'Test recording and analysis dates and times',
'Clinical summary of test findings']},
'response': {'communication_strategy': 'The hospital notified each patient '
'via a personal letter mailed to their '
'home address.'},
'title': 'Redwood Memorial Hospital Data Breach',
'type': 'Data Breach'}