Who Breached: Lifeblood Mid-South Regional Blood Center
Number Affected: 321,000
Information breached: Personal information including Social Security Numbers
How: 2 laptops lost
Lifeblood Mid-South Regional Blood Center has breached the data of 321,000 blood donors as the result of two laptops lost several months ago.
This week, Lifeblood sent a letter to the affected donors (as seen here), who made or attempted to make a blood donation after 1990, that two laptops containing personal information including some SSNs and Driver’s Licence numbers, have been lost.
The letters were mailed more than three months after staff noticed a missing laptop had not been activated in several weeks. Investigation of this missing laptop in early December uncovered a second laptop to be missing. Senior staff were notified of the laptop loss in early January.
“There were some missed opportunities,” [President and CEO Edward] Scott said of the delay, including a chance to notify donors earlier.
Both laptops were protected by two separate encrypted passwords. Lifeblood presumes the laptops were stolen from locked storage to be pawned for cash. Since the incident, Lifeblood has installed remote data-delete software, have limited access to the locked room, and have removed the last four digits of SSNs from personal files, with plans to eliminate all SSNs from the master files this Spring.
Identity theft protection will be considered on a case-by-case basis as requested. The breach has cost the non-profilt close to $200,000 to date.
In other breach news, a laptop containing 5123 medical records was stolen from the Russells Hall Hospital in Dudley, West Midlands last week. More information can be found here.
Vial Commercial Appeal Tags: lifeblood, lifeblood breach, breach, data breach, laptop, lost laptop, laptop security, data delete, blood donors