Crescent Healthcare Notifies Individuals of 2012 Data Breach

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.californiahealthline.org/articles/2013/2/26/crescent-healthcare-notifies-individuals-of-2012-data-breach.aspx

Last week, Crescent Healthcare -- an Anaheim-based Walgreens company
-- began notifying patients and employees of a data breach that
occurred late last year, Healthcare IT News reports.

Details of the Incident

On Dec. 28, 2012, an unknown person or persons broke into Crescent’s
billing center and stole computer hardware and paper records,
according to a letter notifying patients and employees of the breach.

The stolen property could have contained patients':

Names;
Phone numbers;
Dates of birth;
Addresses;
Social Security numbers;
Health insurance data; and
Diagnosis information.

Comments From Crescent

Crescent did not provide information on how many individuals were
affected by the breach.

Paul Mastrapa, president of Crescent, wrote in the letter, “We are
very sorry this happened, and we are cooperating with law enforcement
to further investigate this incident.”

He added, "Additionally, we have taken steps to [prevent] this from
happening again, including retraining employees and service providers
on security, and inhaling our security policies and procedures"
(McCann, Healthcare IT News, 2/25).
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.