By Sharon Gaudin
September 7, 2007
Health-care services company, McKesson, is alerting thousands of its
patients that their personal information is at risk after two of its
computers were stolen from an office.
The company, which helps pharmaceutical manufacturers set up assistance
programs for patients in need, sent out a letter alerting patients that
the computers were stolen on July 18. The names of the people being
alerted were on one of the two PCs, but it's not known how much of their
accompanying identifying information was also contained on the machines.
"Your personal information may have been on one of the two computers
that were stolen from a McKesson office," wrote Patrick Blake, president
of McKesson Specialty Pharmaceutical, in the letter to one patient. "At
this point, we have not determined if your personal information was on
either stolen computer. However, we are taking the precaution of
notifying every patient whose information might have been on the
computers, just to be safe."
A spokesman for McKesson did not return phone calls requesting comment,
but a company representative on the McKesson hotline said "thousands" of
patients were affected and letters were sent to everyone who had at
least a name on one of the machines. It's possible that identifying
information, including addresses, prescribed medications, dosages,
Social Security numbers, and dates of birth, also were contained on the
computers. The loss appears to affect both current and former patients.
The company representative said it's not clear if the data on the
machines was encrypted. Local police and the FBI have been called in on
Blake's letter suggested that those contacted put a fraud alert on their
credit files. The representative on the McKesson hotline said the
company would give customers a year of free credit reporting if they
"We also have taken steps to ensure this doesn't happen again by
increasing and improving employee understanding and awareness of
corporate security policies and procedures, policies for handling
patient data, and company security processes," wrote Blake. "We deeply
regret that this incident occurred."
The hotline number is: 866-554-6366.
The impact of data theft is usually severe when health-care companies
are involved. Earlier this year, a laptop was stolen from a secure
office in a Texas hospital group, putting identifying information on
7,800 patients without health insurance at risk. The Seton Family of
Hospitals reported in February that a security camera captured video of
a thief carrying out a laptop and a projector. The laptop contained
identifying personal information such as Social Security numbers, dates
of birth, and insurance program numbers.
Visit the InfoSec News Bookstore