ABQ Health Partners' patient records on missing laptop

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.kob.com/article/stories/S2861824.shtml?cat=500

Some patient records may be in jeopardy, thanks to a lost or stolen
laptop computer from ABQ Health Partners, the state's largest
independent doctor's group.

ABQ Health Partners sent out a letter telling patients their personal
information is at risk of falling into the wrong hands.

Lisa Martinez got the news, along with an undisclosed number of other
patients. Her name, date of birth, health plan ID number and diagnosis
information were on a spreadsheet in the laptop. Somebody could be
looking at it right now.

"They can easily do anything with my information," Martinez said.
"They can get ID or sell my information to other people. They can do a
lot of things. That's going around everywhere."

ABQ Health Partners apologized in the letter for the potential
disclosure of their personal information.

"Please know that ABQ Health Partners takes our patients' privacy and
confidentiality very seriously," the letter reads. It also suggests
patients may want to put a "fraud alert" on their credit files, and
enclosed an instruction sheet on how to do that.

"This has never happened to me before and now it happens through a
hospital," Martinez said. "There's something wrong here. This needs to
be taken care of immediately."

KOB Eyewitness News 4 received a statement Monday afternoon from ABQ
Health Partners. It reads, "The instance in question involved minimal
patient information - no social security numbers, addresses or access
to patient health records were released. We take our patients’ privacy
seriously and took the appropriate steps to inform patients of this
situation, including how they can protect their personal information.
We are committed to our patients and their privacy in all of our
operations."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.