Laptop Thefts Again Lead Breach RoundupThree Healthcare Incidents Involve Unencrypted Devices
In this week's breach roundup, three organizations report breach incidents involving the theft of unencrypted laptops, a continuing problem in the healthcare arena.
Stolen Laptop Affects 13,000 Home Care Patients
An unencrypted laptop containing information on more than 13,000 clients of United HomeCare Services was stolen, compromising sensitive patient information.
Although the Miami-based home health company's announcement didn't specify how many clients were affected, the U.S. Department of Health & Human Services' Office for Civil Rights' tally of major breaches lists Jan. 8 laptop incidents affecting 12,300 clients at United HomeCare Services and 1,300 at its United HomeCare Services Southwest Florida unit.
Information stored on the laptop, according to the company announcement, included name, Social Security number, date of birth, home address, service dates, health plan numbers, services received or health status.
The home health company notified police and hired a private detective to conduct an investigation, according to the announcement. It also took steps to ensure all company laptops are encrypted.
Affected individuals are being offered two years of free credit monitoring services, according to the announcement, which was first revealed by PHIprivacy.net.
Two Laptops Stolen From Clinic
Two unencrypted laptops containing personal medical information on about 3,000 patients were stolen in a break-in at Family Health Enterprise, an Atlanta-based clinic.
Impacted individuals were participants in the clinic's breast health promotion program.
On Jan. 2, the clinic's office was broken into after business hours and the two laptops were taken, according to a press release. The devices stored patient names, Social Security numbers, addresses, dates of birth and clinical information.
"FHE has no knowledge that the individual(s) responsible for the theft or others have accessed and obtained such personal information from the laptops," the clinic said in the release.
Contractor Breach Affects State Health Dept.
Washington State's Department of Social and Health Services is notifying 652 clients of a breach after a private contractor's unencrypted laptop containing confidential information was stolen and later recovered at a pawn shop.
The laptop was stolen Feb. 4 and was recovered 10 days later at a local pawn shop by local police, according to The News Tribune.
Information stored on the laptop includes names; identification numbers; psychological evaluations, including notes and reports with diagnoses; dates of birth; the last four digits of Social Security numbers; dates of services; and addresses.
Affected clients were receiving services from the department's Economic Services Administration, the news outlet reported.
The contractor, Sunil Kakar, wrote in letters to the clients: "We are unable to determine whether the data was accessed or further copied or disclosed."
Billing Error Affects 700 Patients
Texas Tech University Health Sciences Center notified 700 patients in Amarillo of an error in processing billing statements that resulted in statements being mailed to incorrect patient addresses.
The university health center became aware of the error Feb. 20, two days after the incident occurred.
"We take every seriously our role in safeguarding patient information and ensuring privacy," a spokesman said in a release. "We learn from incidents like this and have put into place additional safeguards." The university health center hasn't received reports that information has been accessed or used by an unauthorized individual, the release notes.