A thumb drive containing unencrypted patient information was stolen this summer, Duke Medicine announced in a statement Thursday.
The drive contained information about some patients treated in the Duke Children’s Health Center and the Lenox Baker Children’s Hospital from December 2013 to June 2014. Duke Medicine learned of the theft July 1. The stolen information included patients’ names, medical record numbers, physicians’ names and Duke Hospital locations visited by certain patients. No Social Security numbers, clinical information or financial information was stored on the drive, according to the statement.
Duke University Health System officials contacted law enforcement immediately after learning of the theft, but neither the drive nor the individual who stole it have been found. Duke Medicine also conducted an internal investigation of the theft.
Duke Medicine began sending out notices to patients affected by the breach of information on Friday, although it is not clear why Duke Medicine waited to inform patients.
“We deeply regret any inconvenience this may cause our patients,” DUHS officials said in the statement.
The statement also said that Duke Medicine would improve its encryption processes and increase staff education on the secure use of patient information.
The Duke Medicine Office of News and Communications refused to comment beyond the statement issued Thursday.