TRENDING:

Accretive Health Addresses Breach

Says Lack of Laptop Encryption Was an 'Oversight' Howard Anderson (ismg_editor) • May 14, 2012    
Accretive Health Addresses Breach

A laptop stolen from an employee of Accretive Health last year was not encrypted "due to the oversight of an individual IT employee," the company says in a 29-page comment letter sent to U.S. Sen. Al Franken, D-Minn. That employee subsequently was fired, the company reports.

See Also: Take Inventory of Your Medical Device Security Risks

Sen. Franken has launched an investigation into the Chicago-based billing and collections firm in the wake of the Minnesota attorney general's lawsuit against the company that stems, in part, from the data breach last year that affected more than 20,000 patients. Accretive Health, which wrote the comment letter at the request of Franken, has filed a motion to dismiss the lawsuit (see: Accretive Health Responds to Lawsuit.)

Franken has announced the Senate Health Committee plans to hold a field hearing later this month in Minnesota on Accretive Health's business practices.

Encryption Strategy

In its comments to Franken, Accretive Health also notes that following the July 2011 breach incident it "added redundancies to its IT practices so that multiple employees work independently to ensure that each Accretive Health laptop is properly encrypted. In addition, Accretive Health conducts reviews at least five days a week to confirm that every laptop remains properly encrypted."

The company also notes that it has "begun to upgrade its encryption software to higher than industry standards."

An unencrypted laptop was stolen from the parked rental car of an Accretive Health employee, according to the Minnesota attorney general's lawsuit. It contained healthcare information, as well as some Social Security numbers and other personal data, on patients treated at Fairview Health Services and North Memorial Health Care.

The bulk of Accretive Health's letter to Franken deals with the lawsuit's other allegations regarding its collection practices.

Previous
HIPAA Security Conference Slated
Next
700,000 Affected in Home Care Breach

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.