BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

IU Health Arnett laptop stolen

From: Erica Absetz <erica () riskbasedsecurity com>
Date: Mon, 13 May 2013 09:04:23 -0400
http://www.jconline.com/article/20130510/NEWS03/305100032/IU-Health-Arnett-laptop-stolen?nclick_check=1

More than 10,000 patients of Indiana University Health Arnett are
receiving notifications that some of their personal information was on
a laptop computer stolen last month.

On Friday, the health care provider issued a press release stating the
laptop was stolen from an employee’s car on April 9 in White County.

After an internal investigation, IU Health Arnett said it determined
that emails stored on the laptop hard drive may have contained patient
names, dates of birth, physician names, medical record numbers,
diagnoses and dates of service.

The computer did not contain Social Security numbers, financial
information or patient medical records, according to the statement.

The laptop was password protected but not encrypted, and contained
information affecting 10,300 patients, according to spokeswoman Kasey
Fuqua.

IU Health Arnett said it immediately contacted the White County
Sheriff’s Office and continues to work with law enforcement, but the
laptop had not been located as of Friday.

IU Health Arnett stated it has no reason to believe the laptop
information has been improperly accessed or used, but as a precaution
began notifying patients on Friday.

Patients may contact a support center by calling 888-722-0627 between
9 a.m. and 7 p.m., Monday through Friday

To prevent similar situations, IU Health Arnett stated it is reviewing
its policies and procedures. The health system has mandatory privacy
and security training for all of its employees.

The original release from IU Health Arnett did not explain why the
theft was not made public until Friday. When asked that question,
Fuqua issued the following statement:

“Arnett is committed to maintaining the privacy and security of the
patient information provided to us, and we worked hard to notify our
patients as soon as possible. As soon as we learned of the theft on
April 10, we immediately began a thorough internal investigation to
determine which of our patients were affected and what information was
included.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: