BreachExchange mailing list archives
South Jersey Healthcare tells patients data stolen
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 3 Jan 2013 10:44:38 -0600
http://www.thedailyjournal.com/article/20130102/NEWS01/301020050/South-Jersey-Healthcare-tells-patients-data-stolen VINELAND — A laptop containing the personal information of approximately 8,500 South Jersey Healthcare patients and others at two out-of-state facilities has been reported stolen, hospital officials said Wednesday. The laptop also contained information about patients from healthcare facilities in Michigan and Virginia. The incident affected only certain patients treated at South Jersey Healthcare, 99 percent of whom were either treated or scheduled for admission at the health system’s hospitals between June 1, 2012 and Nov. 12, 2012. The laptop was reported stolen in another state on Nov. 14 from inside a car belonging to an employee of Omnicell, a company that provides automated medication dispensing services for South Jersey Healthcare, according to a statement released by the health system on Wednesday. Omnicell already has notified all 8,555 South Jersey Healthcare patients and affected patients at the other hospitals by mail of the potential data breach. The files on the laptop, which is password protected, are believed to contain: patient names; birth dates; patient numbers; and medical record numbers, according to the statement. The device did not contain patient medical records; financial; bank account; or insurance information pertaining to any South Jersey Healthcare patient, officials said. Omnicell has recommended that affected patients monitor their medical insurance statements and credit reports for any evidence of fraudulent transactions using their identity, according to the hospital statement. Social Security numbers for certain patients were on the device, although they were not readily identifiable as Social Security numbers, the statement said. The health system was notified of the theft on Nov. 20 by Omnicell, according to a statement issued by Greg Potter, a spokesman for South Jersey Healthcare. Potter said Omnicell also notified patients of the theft after it was reported in November. South Jersey Healthcare issued the statement Wednesday as a precaution, he said. Information about patients at The University of Michigan and Sentara Health System in Virginia also were on the stolen laptop, he said. If patients suspect any fraudulent transactions have occurred, they should contact their local law enforcement agency or the state attorney general, the statement said. The laptop has not been recovered. The files on the laptop also could contain clinical information such as: Gender; allergies; admission date and/or discharge date; physician name; patient type (inpatient, emergency department or outpatient); site and area of the hospital (specific inpatient or outpatient unit/area); room number. Also, the names and dosages of medication as well as, frequency, administration instructions, and start time and/or stop times for medicine may be on the laptop, officials said. While the laptop was password protected, the information contained was not encrypted. Investigators don’t believe the device was taken for the information it contained. They also don’t believe that the information has been accessed or used improperly, according to the statement. As a precaution, Potter said letters have been mailed and a dedicated call center has been established to assist the affected patients. Omnicell will also provide credit monitoring to affected patients if needed, as well as assistance to patients with any complaints of possible identify theft. Omnicell is continuing to investigate the incident and is working closely with authorities to locate the stolen device and secure all patient information. In addition, Omnicell is taking steps to improve its security programs and practices in response to this incident. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- South Jersey Healthcare tells patients data stolen Erica Absetz (Jan 03)