National News

Kentucky: Discarded Computer Had Confidential Medical Information

From U.S. Centers for Disease Control and Prevention

February 7, 2003

A Kentucky Cabinet for Health Services computer that had been discarded for sale as surplus equipment contained confidential files identifying thousands of people with STDs, including HIV, state Auditor Ed Hatchett said Thursday.

Under Kentucky law, the computer, like other surplus equipment, had to be offered for sale first to government agencies and nonprofit organizations, then to the public. Hatchett said the computer was one of eight, selected at random, awaiting sale at the state's surplus property office. He said employees of his office paid $25 apiece for the computers and took them back to the office for testing. The disk yielded several thousand files. "Then we found the HIV/AIDS data. Obviously, that is a huge problem," he said.

"It's a lot of information with lots of names and things like [numbers of] sexual partners of those who are diagnosed with AIDS," Hatchett said. "It's a terrible security breach." Sex partners of the individuals are counted but not named, said B.J. Bellamy, chief information officer for the auditor's office.

Health Services Secretary Marcia Morgan said the computer came from an agency in her cabinet that deals with counseling on STDs and HIV. The computer was used from 1995 to 1999. Its hard drive was believed to have been wiped clean when it was shipped as surplus late last year, Morgan said. She said she has ordered an internal investigation to determine how the lapse occurred and how a recurrence could be prevented.

Morgan said the computer was never out of state custody, and the ability to retrieve its information depended on the sophistication of the person using it. Nor was it the AIDS database that the agency is required to maintain for federal reporting purposes, according to the agency. That database lists AIDS patients by a code, not by name.

Hatchett's office on Wednesday sent an alert to state and local government offices that said surplus computers must be wiped clean with software designed for that purpose. "Deleting data or reformatting disks is not sufficient," the advisory said. On Thursday morning, the Governor's Office of Technology issued a government-wide policy on proper sanitizing of surplus state equipment.

Back to other CDC news for February 7, 2003

Previous Updates

Adapted from:
Associated Press
02.07.03; Charles Wolfe

This article was provided by U.S. Centers for Disease Control and Prevention. It is a part of the publication CDC HIV/Hepatitis/STD/TB Prevention News Update.

My Health Tracker

Assess Your Risk for HIV

U.S. ASO Finder

Find a Therapist

What Really Fuels the HIV/AIDS Epidemic in Black America?

Top 10 HIV/AIDS-Related Clinical Developments of 2011

Ten HIV/AIDS Stories that Defined 2011

Tennessee Senator: It's Virtually Impossible for Heterosexuals to Contract HIV From Sex: A Blog Entry by Kellee Terrell

The Culture War in the Black HIV/AIDS Movement Is Hurting Us All

More >>

The Body is a service of Remedy Health Media, LLC, 250 West 57th Street, New York, NY 10107. The Body and its logos are trademarks of Remedy Health Media, LLC, and its subsidiaries, which owns the copyright of The Body's homepage, topic pages, page designs and HTML code. General Disclaimer: The Body is designed for educational purposes only and is not engaged in rendering medical advice or professional services. The information provided through The Body should not be used for diagnosing or treating a health problem or a disease. It is not a substitute for professional care. If you have or suspect you may have a health problem, consult your health care provider.