BreachExchange mailing list archives
Break-in at North Lincoln County Community Health Center Clinic
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 21 Jun 2013 10:27:49 -0500
http://www.thenewsguard.com/news/article_6cae4b3c-d549-11e2-9aeb-0019bb2963f4.html NEWPORT - "It feels really not good and it is a violating feeling to have someone break into your clinic," said Gretchen Gantz, HIPAA Privacy and Security Officer for Lincoln County Health and Human Services. Her statement follows the break-in of the North Lincoln County Community Health Center Clinic at 4422 N.E. Devils Lake Blvd., in Lincoln City. "Plus we now have the added expenses of having to replace things that are grant funded. We run on a shoestring budget, so it is hard when you have a hit like that," said Gantz. During the evening of April 17, the Clinic and surrounding offices in the same building, were broken into by an unknown person or persons, according to a release from Casey Miller, Lincoln County public information officer. Locked doors, rooms and cabinets were forcibly entered. Money was taken from the clinic, but it appears no other records or materials were removed. No electronic devices were taken or accessed. However, the locked room which contains medical charts for clients was breached. These files contain protected health information and may also contain information such as social security numbers and personal financial information. Lincoln County has identified and notified the clients whose protected health information and personal information was in those files. "In accordance with law and standard practices in these situations we are notifying clients of this breach of our security because this information potentially could be compromised, " said Casey. "The charts have been secured and security at the clinic is being enhanced. At this time, there is no evidence to suggest that there was an attempt to obtain or use any protected health or personal information." But Casey said there is always some risk in these situations, so Lincoln County is contacting the three major credit reporting agencies about the incident and has given those agencies a general report, alerting them to the fact that the incident occurred. "There is a potential that protected health information could have been breached," said Gantz. "That's why we are notifying all our clients." Letters were sent to about 1,000 North Lincoln County Community Health Clinic clients on June 13. "We want our clients to make sure their personal financial records are secure," said Gantz. "Just in case. It is due diligence to make sure that our clients are taken care of." Gantz said none of the computers, other electronic equipment and medical supplies were disturbed. "It appears that the suspect or suspects knew how to effectively use a crow bar. We have to replace several desks and several doors that were damaged by the crow bar." She said the clinics safe was also broken into and about $170 taken. The News Guard's calls to Lincoln City Police detectives about suspect information have not been returned as of June 18. Gantz said public notification of the break-in was delayed due to the investigation circumstances and the need to first notify clinic clients. Clients were given a recommendation to monitor their financial accounts and promptly contact the financial institution if any unauthorized activity is observed. Clients can also submit an identity theft complaint to the Federal Trade Commission by calling toll free to 1-877-ID THEFT (1-877-438-4338 or online athttps://www.ftccomplaintassistant.gov/ Clients may also want to contact the three credit reporting agencies (Equifax, Experian and TransUnion) to obtain a free credit report from each by calling 1-877-322-8228 or online at www.annualcreditreport.com. Even if suspicious activity is not found on initial credit reports, the Federal Trade Commission (FTC) recommends that credit reports be checked periodically Consumer protection laws allow people to place a security freeze or a fraud alert on their credit files. By placing a freeze, someone who fraudulently acquires personal identifying information will not be able to use the information to open new accounts or borrow money in another person’s name. An alert places a statement in the credit file that notifies anyone requesting a copy of the credit report that the person may be the victim of an ID theft. Generally, if an identity theft complaint is filed with the FTC as outlined above, there may be no charge to place the freeze. If, however, any client involved in this incident is charged and pays a cost from the credit reporting agency associated with this option, they can contact the county at the address below and provide documentation of payment to be reimbursed. Lincoln County will provide additional information concerning identity theft on its website at www.co.lincoln.or.us. Lincoln County takes the role of safeguarding the personal information of clients very seriously and is doing everything it can to prevent this situation in the future. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Break-in at North Lincoln County Community Health Center Clinic Erica Absetz (Jun 21)