Conn. A.G. Investigates Smaller Breach

Laptop Stolen at Yale Medical School
Conn. A.G. Investigates Smaller Breach
The only state attorney general in the nation who so far has used his new power under the HITECH Act to sue a healthcare organization for HIPAA privacy and security rule violations is keeping a close eye on breaches of all sizes.

Connecticut Attorney General Richard Blumenthal has announced his office is investigating a breach affecting 1,000 individuals stemming from the theft of an unencrypted laptop at Yale Medical School.

In a statement, the attorney general said Yale is cooperating in the investigation, which is designed to "identify the cause of the breach and assure ongoing protections for patients."

Officials at Yale say the computer, stolen July 28 from the office of a data analyst at the school of medicine, contained health information, but no Social Security, financial or insurance numbers. So far, there is no evidence that any of the information on the computer has been misused, the officials say.

"In addition to affirming all our existing measures to protect patient privacy, we are moving to introduce immediately several security upgrades," says Robert Alpern, M.D., dean of the school of medicine.

As required under the HITECH Act breach notification rule, the school is notifying those affected.

In July, Blumenthal's office reached a settlement with insurer Health Net over a breach in 2009 that involved the loss of a portable disk drive holding records for more than 1.5 million consumers, including 500,000 in Connecticut. The insurer agreed to pay a $250,000 fine and take corrective action to improve security.

Meanwhile, the attorney general's office also is investigating a breach at insurer Wellpoint Inc. that is now estimated to have affected about 480,000 individuals, including some in Connecticut. That case involved a website glitch that exposed patient data.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.