Everybody knows how much I hate USB and thumb drives. The latest scheme is for hackers to leave thumb drives in coffee shops, airports, office buildings, libraries and other public places. These USB and thumb drives contain malware and ransomware and can infect an entire system if they are plugged into a home or work computer. So USB drives are BAD and unencrypted USB drives are even worse and should be prohibited from use.

But this story, believe it or not, has to do with LOST thumb drives that contained protected health information (PHI) of an unknown number of patients, that were transferred to two unencrypted thumb drives during an acquisition of one hospital by another. During the transaction, the patient data was transferred to two unencrypted thumb drives, which were then lost during transfer.

Unfortunately, the thumb drives contained the PHI of patients for the past 12 years. The PHI included the names, demographic information, emergency contact telephone numbers, patient account numbers, medical record numbers, Social Security numbers, insurance ID numbers, physician names, medical diagnosis, mental health information and medical histories. All this on two unencrypted thumb drives.

Thumb drives are bad. Unencrypted thumb drives are even worse, and Social Security numbers and medical insurance ID numbers on unencrypted thumb drives in this day and age is incomprehensible.