Advertisement
The Body: The Complete HIV/AIDS Resource
Follow Us Follow Us on Facebook Follow Us on Twitter Download Our App
Professionals >> Visit The Body PROThe Body en Espanol
Read Now: TheBodyPRO.com Covers AIDS 2014
  
  • Email Email
  • Printable Single-Page Print-Friendly
  • Glossary Glossary

National News

Kentucky: Discarded Computer Had Confidential Medical Information

February 7, 2003

A Kentucky Cabinet for Health Services computer that had been discarded for sale as surplus equipment contained confidential files identifying thousands of people with STDs, including HIV, state Auditor Ed Hatchett said Thursday.

Under Kentucky law, the computer, like other surplus equipment, had to be offered for sale first to government agencies and nonprofit organizations, then to the public. Hatchett said the computer was one of eight, selected at random, awaiting sale at the state's surplus property office. He said employees of his office paid $25 apiece for the computers and took them back to the office for testing. The disk yielded several thousand files. "Then we found the HIV/AIDS data. Obviously, that is a huge problem," he said.

"It's a lot of information with lots of names and things like [numbers of] sexual partners of those who are diagnosed with AIDS," Hatchett said. "It's a terrible security breach." Sex partners of the individuals are counted but not named, said B.J. Bellamy, chief information officer for the auditor's office.

Health Services Secretary Marcia Morgan said the computer came from an agency in her cabinet that deals with counseling on STDs and HIV. The computer was used from 1995 to 1999. Its hard drive was believed to have been wiped clean when it was shipped as surplus late last year, Morgan said. She said she has ordered an internal investigation to determine how the lapse occurred and how a recurrence could be prevented.

Advertisement
Morgan said the computer was never out of state custody, and the ability to retrieve its information depended on the sophistication of the person using it. Nor was it the AIDS database that the agency is required to maintain for federal reporting purposes, according to the agency. That database lists AIDS patients by a code, not by name.

Hatchett's office on Wednesday sent an alert to state and local government offices that said surplus computers must be wiped clean with software designed for that purpose. "Deleting data or reformatting disks is not sufficient," the advisory said. On Thursday morning, the Governor's Office of Technology issued a government-wide policy on proper sanitizing of surplus state equipment.

Back to other CDC news for February 7, 2003

Previous Updates

Adapted from:
Associated Press
02.07.03; Charles Wolfe



  
  • Email Email
  • Printable Single-Page Print-Friendly
  • Glossary Glossary

This article was provided by CDC National Prevention Information Network. It is a part of the publication CDC HIV/Hepatitis/STD/TB Prevention News Update.
 

Tools
 

Advertisement