Fort Worth medical clinic spends $15, 000 notifying patients of theft

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html

By Jan Jarvis
star-telegram.com
Aug. 06, 2010

FORT WORTH -- In June, employees at a Fort Worth allergy clinic discovered 
that the office door had been kicked in and four computers containing 
patients' personal information including Social Security numbers and birth 
dates had been stolen.

This week Fort Worth Allergy and Asthma Associates spent $15,000 mailing 
letters notifying the clinic's 25,000 patients of the burglary. The stolen 
computer database also contained patient's addresses and diagnoses, Dr. 
Robert Rogers said.

"In terms of sensitive clinical information that could be taken, we're an 
allergy clinic so I don't think there was anything embarrassing taken," he 
said. "It's bad enough that they did get identity information like Social 
Security numbers."

Since September, the Health Insurance Portability and Accountability Act 
has required that a data breach involving unsecured protected health 
information of more than 500 people must be reported to the federal 
government. Anyone who is affected and major news outlets must be informed 
of the data breach.

"The cost of doing the mailing is more than cost of replacing the 
equipment," Rogers said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php