BreachExchange mailing list archives
Laptop with patients' info stolen from home
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 17 Apr 2013 11:05:24 -0400
http://www.yumasun.com/news/drive-86835-patients-laptop.html A burglar swiped a laptop and hard drive containing sensitive medical and personal data for hundreds of mental health patients from Yuma and across the state. Alicia Z. Aguirre is the general counsel for Yuma's Arizona Counseling and Treatment Services, a contracted provider with Cenpatico Behavioral Health of Arizona. It was one of her employees who was the victim of the burglary last month. “Sometime between March the 18th and the 25th, someone broke into an employee's home and stole a work laptop and external hard drive,” among other belongings, she said. The employee immediately filed a police report upon realizing there had been a break-in and continued to look for the laptop and drive, hoping they'd just been misplaced. But they didn't turn up. The laptop was loaded with recovery tracking software. But the drive was not. Saved to that drive were names, dates of birth and treatment plans — but no Social Security numbers or financial information— of more than 500 patients served by ACTS and Cenpatico between 2011 and 2013. This is information protected by the Health Insurance Portability and Accountability Act, or HIPAA. Aguirre said whoever stole the computer and drive probably wasn't aware of what they really snagged, and she has no reason to believe the equipment was stolen for its data content. She's had employees checking pawn shops for the items, but with no luck. Although she is notifying those patients and her firm will be offering help with credit monitoring, the law requires Aguirre to make a wider public notice because of the size of the breach. Not all of the patients necessarily live in the Yuma area. ACTS also provides services in La Paz, Pinal, Greenlee, Graham and Cochise counties. Aguirre said the computer equipment was out of the office because the employee does some work from home. The employee is not at fault, she said. Potentially affected people will be getting a letter about the breach if they haven't already. They can also call the ACTS Corporate Compliance Office 1-800-218-6409 or write to info () actsaz com for more information. The phone number and e-mail address should be up and running by Friday. Read more: http://www.yumasun.com/articles/drive-86835-patients-laptop.html#ixzz2QjWysGcZ _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Laptop with patients' info stolen from home Erica Absetz (Apr 17)