A laptop computer issued by FHN Healthcare in northwest Illinois was stolen from the vehicle of an employee. The said laptop contained protected health information (PHI) of 4,458 patients. The theft was reported right away to law enforcement, but the laptop hasn’t been found or recovered. By reconstructing the data stored on the missing laptop, FHN Healthcare determined that it contained patients’ PHI which include names, dates of birth, addresses, health record numbers, medical information, health insurance information, Social Security numbers and driver’s license numbers.
All the laptop computers of FHN healthcare are already encrypted. But, unfortunately, the stolen laptop has no encryption. It was just password-protected. FHN explained that the laptop was supposed to be encrypted as well. However, there was a technical problem with their encryption software so the laptop was not encrypted.
After realizing the problem caused by not encrypting the laptop, FHN Healthcare took action to re-encrypt the company’s laptop computers. All employees, including the one whose issued laptop was stolen, underwent re-training regarding mobile device security.
FHN Healthcare sent notification letters by mail to all the patients whose data was compromised as a result of the data breach on November 2, 2018. The patients whose Social Security number or driver’s license number were exposed got complimentary identity theft protection services 12 months courtesy of FHN Health.