It seems that some 1,800 patients of the Hershey Medical Center may possibly have had their personal information breached. A staffer with the hospital had uploaded patient data to his home computer in order to work on it without having authorization to do so.
From Lancaster Online:
Officials at the hospital said in a press release Friday afternoon that results of an extensive internal investigation give no indication that any unauthorized person actually viewed or accessed the information as a result of the employee’s activity.
But because the employee worked with the data on devices and systems outside the safeguards and controls of the secure information network, they cannot completely rule out the possibility.
While the staffer was allowed to work on the data he did so on an unauthorized system. No word as to whether or not the employee had been terminated for the breach.