TRENDING:

Breach Involves Laptop Thefts

California health system warns 5,450 patients Howard Anderson (ismg_editor) • April 7, 2010    
Breach Involves Laptop Thefts
John Muir Health, a Walnut Creek, Calif.-based health system, is notifying 5,450 patients about a potential breach of information stemming from the theft of two unencrypted laptop computers.

The laptops were stolen in February from the John Muir Network Perinatal Office in Walnut Creek. They contained personal and health information going back more than three years.

Although the laptops were not encrypted, they were password protected and "contained data in a format that would not be readily accessible," said Hala Helm, vice president, chief compliance and privacy officer. "While we have no evidence that the information has been accessed or used inappropriately, we cannot rule out that possibility."

Many of the major breach cases tallied by the Department of Health and Human Services' Office for Civil Rights involve the theft or loss of laptops and other devices. The tally now includes about 56 breaches confirmed since September, when new reporting requirements kicked in.

Under the HITECH Act's breach notification rule, such incidents must be reported to HHS and the media within 60 days.

Preventive steps

John Muir Health, which owns two hospitals, is providing those who may be affected with a free identity theft protection program from Equifax for one year. It's recommending patients place a fraud alert on their credit files.

As a result of the incident, John Muir is implementing additional safeguards, Helm says. "Patient information stored on laptops at the perinatal office is now encrypted, and the laptops are locked down," he says. "Encryption software is also being installed on John Muir Health laptops throughout the organization."

The organization is working with local law enforcement officials investigating the theft.

Previous
New ISSA President Sets 3-Point Agenda
Next
Scammers Selling Fraudulent Insurance

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Aité-Novarica's Cybersecurity Impact Award
Aité-Novarica's Cybersecurity Impact Award
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.