Sentara taking action to protect patients after security breach

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://wtkr.com/2013/01/02/sentara-taking-action-to-protect-patients-after-security-breach/

Sentara Healthcare System is taking action to protect its patients
after someone stole a contractor’s laptop in California.

“Fortunately, the amount of information was limited to patients’
names, medications and date of births. There was no financial
information involved, no social security numbers or insurance
information,” said Greg Burkhart, the Chief Privacy Officer for
Sentara.

Burkhart tells NewsChannel 3 that he does not believe any personal
data has been accessed or used improperly since the security breach.
But the contractor, Omnicell Inc., is still notifying patients through
a letter out of caution.

“We’ve been working with them [Omnicell] since they advised us of the
incident. They [Omnicell] have changed security protocols, they’ve
provided employee information and updated security policies. They’ve
[Omnicell] been working with us to get to the bottom of this incident
and advised everyone that needs to know,” Burkhart said.

Anyone treated between October 18th and November 9th at any of
Sentara’s seven hospitals and three outpatient care centers in our
area may have been affected.

Ominicell is also now requiring all contractors and vendors to use
encryption software when accessing patient information as part of an
agreement with Sentara.

“We trust that this problem will not occur again,” said Burkhart.

The letters were mailed to all affected patients beginning this week.
If you do not receive a letter by January 21 or still have some
concerns, you can call 1-855-755-8482 and enter the reference code
6236121712.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.