TRENDING:

Burglary Leads to Breach

Device lacked encryption Howard Anderson (ismg_editor) • March 2, 2010    
Burglary Leads to Breach
A unencrypted laptop stolen from an employee's home has led to a breach of information on about 12,500 patients at Shands HealthCare in Gainesville, Fla.

The laptop contained the Social Security numbers of about 650 people, Shands reports. Other personal information stored on the laptop may include names, addresses, physician names, medical record numbers and abbreviated medical procedure or condition codes.

A Shands employee had downloaded the health information onto an unencrypted Shands-owned laptop at home for work-related purposes, the provider organization reported.

The employee reported the computer stolen on Jan. 27 when the employee's home was burglarized. Shands immediately notified the Gainesville Police Department and initiated an investigation into the theft. Shands also immediately launched an internal investigation.

Although Shands says it has no evidence that any of the confidential information stored on the computer has been used for fraudulent purposes, it is mailing notification letters to affected individuals this week. The letters contain "instructions about taking additional protective steps," the organization says. Shands also has posted a notice on its Web site.

The HITECH Act's breach notification rule requires providers to notify those affected by a breach within 60 days. The theft of properly encrypted information, however, does not need to be reported.

The organization says it has launched a "systemwide encryption initiative to better safeguard protected health information stored on Shands-owned computers, laptops and other portable communications devices as well as on employee-owned devices used to support Shands work."

Previous
An Attorney Offers HITECH Advice
Next
White House Partly Lifts CNCI Secrecy

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Aité-Novarica's Cybersecurity Impact Award
Aité-Novarica's Cybersecurity Impact Award
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.