Laptop Theft Incidents and Phishing Attacks Impact 9,400 Patients

This is a summing up of healthcare data breaches shared as of late to the press and the Department of Health and Human Services’ Office for Civil Rights

Pennsylvania Department of Human Services learned that its Compass system seemed to have a system error in its Compass system enabling some persons to look at the protected health information (PHI) of other individuals who, at particular point, were part of identical benefit household but are at present part of other active case file.

The compromised data could include names, date of birth, citizenship and all details reported regarding work, but not Social Security numbers. There wasn’t any report acquired thus far that indicates data was seen and used inappropriately. The system glitch was identified on May 23, 2018 and has been resolved. All 2,130 persons likely affected were informed regarding the breach by postal mail.

The Institute on Aging based in San Francisco, CA learned that an unauthorized individual got access to several employees’ email accounts. The breach was found on May 28, 2018, however it is at this time uncertain how much time the email accounts were accessible.

The Institute on Aging asked the help of experienced data security response specialists to protect its systems and handle the breach response. The compromised employee email accounts were inspected and found to include the protected health information (PHI) of 3,907 people. The following details were contained in email messages and attachments: patient and employee names, email addresses, dates of birth, financial documents, diagnoses, treatment details, and medical payment data.

All persons impacted by the breach were informed on July 20 and were given complimentary one year credit monitoring and identity theft protection services.

Rocky Mountain Health Care Services based in Colorado Springs has learned that the unencrypted laptop computer supplied to a personnel was stolen. The laptop computer stored the PHI of 1,087 patients.

On May 15, 2018, the computer was taken, prompting a rapid scrutiny to find out the kinds of data kept on the laptop. The investigators determined that the breach data was limited to names, dates of birth, addresses, Social Security numbers, diagnoses, prescription details and treatment programs. Impacted persons have been given credit monitoring and identity theft restoration services for one year without charge.

This is the 3rd occasion that Rocky Mountain Health Care Services suffered laptop computer theft in the last twelve months. Rocky Mountain found out that a laptop computer had been stolen on September 28, 2017. After that on June 18, 2017, a cellular phone and laptop computer were found to have been thieved.

Rocky Mountain Health Care Services has already evaluated its guidelines and procedures on data protection, has implemented cellular device security controls, and now encrypts data on all company-provided laptop computers.

The Ambercare Corporation based in New Mexico, which offers hospice and home care services, made an announcement that an unencrypted laptop with the PHI of 2,284 patients may have been lost or quite possibly stolen.

The laptop, which was issued to an Ambercare personnel, was found to be lost on May 30, 2018. The laptop computer has password-protection activated, however it wasn’t encrypted. The PHI saved on the laptop was used by the personnel to carry out duties and contained names, dates of birth, addresses, diagnostic data, clinical details, and Social Security numbers.

Ambercare already reported the loss or theft to the police and the company staff have gotten more training on physical protection. Because Social Security numbers were compromised, impacted patients were provided free credit monitoring services via Experian for one year.