Hard drive stolen by employee contained thousands of patients’ information

[Lee J <lee () riskbasedsecurity com>]

http://www.phiprivacy.net/tx-hard-drive-stolen-by-employee-contained-thousands-of-patients-information/

Alex Belser of KTEN
reports<http://www.kten.com/story/23141653/disk-drive-with-patient-records-disappears-in-sherman>
that a
computer drive containing medical records of nearly 3,000 patients was
stolen from the *North Texas Comprehensive Spine and Pain Center *in
Sherman, Texas. The law firm representing the center says that there’s no
indication of any misuse of the data, but the stolen external hard drive
contained patients’ names, Social Security numbers, dates of birth,
addresses, and diagnoses.

The theft was reported to police back in June and the employee responsible
for the theft was reportedly fired.  The report does not indicate whether
the drive was ever recovered.

There does not seem to be any substitute notice on the center’s web
site <http://www.northtexasspineworld.com/>at
the time of this posting and they do not seem to have offered affected
patients any free credit monitoring services even though they are advising
them to check their bank statements and credit reports.

PHIprivacy.net sent the center an email inquiry as to whether the drive had
been recovered and whether the data had been encrypted but the center did
not reply by the time of this publication.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.