BreachExchange mailing list archives

PHI Breach for Major Eye Care Group in Northern California


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 13 Aug 2013 21:07:11 -0400

http://www.healthdatamanagement.com/news/breach-notification-hipaa-privacy-security-46476-1.html

Retinal Consultants Medical Group in Sacramento, with 10 offices
serving Northern California, has announced the theft of an unencrypted
laptop computer.

The organization has issued notifications but has not disclosed the
number of affected patients, which it will have to do when it files a
report with the HHS Office for Civil Rights, which enforces the HIPAA
breach notification rule. The privacy officer for Retinal Consultants
did not return a telephone call seeking information on the scope of
the breach and whether affected patients are being offered
credit/identity theft protective services, although the notification
does not mention such services.

“In compliance with California and federal law, patients affected by
the security breach are being notified of the incident, and, although
the company is not aware of any access or misuse of the PHI by an
unauthorized individual, they are strongly encouraged to take steps to
eliminate or minimize any potential harm that could be caused by the
theft,” according to the notification. “This includes, but is not
limited to, obtaining credit reports from one or more of the major
credit reporting agencies, and monitoring financial and banking
accounts for unauthorized activity.”

The laptop, which was a component of a diagnostic imaging machine, was
found missing on June 7. Protected information on the computer
included patient name, date of birth, gender, race and optical
coherence tomography images. Addresses, drivers’ license numbers and
Social Security numbers were not on the laptop.

Retinal Consultants is increasing internal and external security of
its premises and is determining “how we can further secure laptop
data,” according to the notice.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
