Stolen hardware, and particularly laptops, is still a very common cause for data breaches, especially when it comes to hospitals and other healthcare companies. Three recent incidents have all involved patient details being exposed to identity theft, fraud and other risks, after being taken together with laptops held in medical offices.
While in some cases the stolen portable computers happened to be password protected, none of them had been encrypted to better prevent access to stolen private records. Read more
The Kansas Department on Aging has recently reported a hardware theft that caused a data breach affecting about 7,000 of its customers. A laptop, a flash drive and paper files were stolen out of an employee’s vehicle, putting thousands of senior customers at risk.
The stolen files contained personal and protected health information belonging mainly to customers located in Sedgwick, Harvey, and Butler counties. The theft was immediately reported to the Wichita Police Department. The Kansas Department on Aging says it is cooperating with the police, but the stolen hardware has not yet been recovered. Read more
As data storage devices get smaller and easier to carry, the chance of them being stolen or lost goes higher. Thumb drives, laptops, computers, everything shrinks, while storage capacity grows exponentially, great for productivity, awful for unencrypted data. While laptops and USB sticks have always been the easiest to steal or lose, it does not mean that the old fashioned desktop computers cannot share in the same fate.
The result of the following incidents? Exposed data affecting hundreds or thousands, making them perfect targets for identity theft or fraud. Another thing they have in common? You guessed it, they are all part of the healthcare industry! Most of these data breaches can be prevented and it’s a rather simple process. But let’s move on to our list of incidents! Read more
A computer that may contain personally identifiable information of almost 20,000 Reid Hospital patients was stolen from an employee’s home office in early April. According to Craig Kinyon, CEO/President of Reid Hospital, the laptop was only one of the items stolen in a break in, this indicating that data was not the objective of the theft.
The computer in question might have been storing reports on Medicare and Medicaid patients that have received treatment and medical services between 1999 and 2008. The reports contain names and Social Security numbers, as well as Medicare numbers.
No information stored after 2008 was stored on the stolen device. Nor were any financial information, banking information or other identifying information stored on the missing notebook.
A laptop theft that occurred at a doctor’s home has prompted Dean Health System and St. Mary’s Hospital to offer identity theft protection to more than 3,000 patients. According to Kim Sveum, Dean spokeswoman, the laptop, which was stolen on Nov. 8 did not contain Social Security numbers, addresses, phone numbers, credit card numbers or other financial information
Dean and St. Mary’s released a statement about the situation Monday. and sent letters Saturday to more than 3000 affected patients. All of these patience have had had surgeries from 2001 through Nov. 8.
The doctor ,who has not been named, apparently stored the patient information on her personal computer, against Dean policy, Sveum said. Data on Dean computers are encrypted, she added.
Sveum wouldn’t say if the doctor was disciplined. Dean and St. Mary’s “are undertaking comprehensive reviews of this breach of policy” and reminding employees to protect patient privacy, the statement said.
Along with the laptop, the doctor reported the theft of an iPod, a jewelry box and a purse stolen from her home in Fitchburg, said Lt. Todd Stetzer of the Fitchburg Police Department. Only the purse has been recovered.
This was not the only house breaking in the area and it had occurred through an unlocked patio door.
The patients affected by the theft are being allowed to sign up for one-year identity theft service, including up to $20,000 in reimbursements for expenses from resolving any identity theft issues. However, no problems have been reported so far, and the risk appears to be small, Sveum said.
A professor at the Umeå University in northern Sweden has received the entire contents of his stolen laptop on a USB stick. As this data was the result of 10 years of work, one can imagine this gentleman’s relief.
In a statement addressed to the local Västerbottens-Kuriren newspaper he says that he is unhappy with the incident but the return of the data makes him “hope for humanity”. Read more
What’s stolen in Vegas stays in Vegas?
35,000 county residents found out that their private information might be in jeopardy as an Accomack County Virginia employee had a county-owned laptop stolen while being on holiday in Las Vegas. Besides personal information such as names and social security numbers, the files on the stolen computer might contain tax payer information and actual addresses.
The incident took place on October 7 and was reported to the media after seven days. The warning came with apologies as the laptop in question was apparently taken without permission by the employee. A closed meeting held by the Board of Supervisors regarding this issue was held on Wednesday. Read more
Panic grows among 7,000 students that are attending City College of New York as this week they have been notified by the school’s officials that a laptop theft may cause public exposure of their private details, including names and social security numbers.
The computer was stolen a couple of weeks ago, according to a post published by the Educational Security Incidents (ESI) blog. The data of the computer was not encrypted, but only password protected. CCNY officials found no evidence that any of the data has been used for identity theft or other illegal endeavors. Read more
Shands HealthCare has recently announced about 12,500 of their patients that their private medical data has been stolen in January, along with the laptop that contained the personal details. As it almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.
The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to know, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…
At least some measures have been taken: training for the employees and system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, eligible for 12 months of free credit monitoring.
Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are some what of a recurring habit at Shands.
AvMed Health Plans is currently dealing with a prominent data breach after having two company laptops stolen from their corporate offices in Gainesville in early December. The theft could compromise personal information of over 200,000 current and former subscribers, as well as their dependents, said a company announcement quoted by Gainesville.com.
The two laptops contained details such as names, addresses, phone numbers, Social Security numbers and protected health information. Yet the company states that the risk of identity theft is very low, as data was listed in a random way, regardless of the fact that, 12 days after the incident, AvMed discovered the data on one of the two laptops was not properly encrypted.
AvMed states there were no reports of identity theft up to now, but they will only have a clearer view on the situation after their members start registering for identity protection, service provided by the company for free for the next 24 months.