An unencrypted laptop was stolen from the Phoenix, Arizona clinic of Solis Mammography, otherwise known as Ben-Ora, Hansen, Vanesian Imaging Ltd. Solis Mammography learned of the incident on October 17, 2018 and informed law enforcement immediately but the laptop hasn’t been retrieved up to now. A computer forensics company is assisting Solis Mammography in rebuilding the data that the laptop contained.
Even if the investigators confirmed that the laptop contained protected health information (PHI) of some patients, there’s no certainty regarding the exact information that were compromised.
Solis Mammography thinks that the individual who has possession of the laptop may have possibly viewed the information stored on it. The following patient information were likely included in the laptop content: names, birth dates, health insurance plan information, medical images and laboratory test results. The laptop was not used to store any financial information.
Because of the breach, Solis Mammography implemented safety controls, such as the use of strong passwords and strict access controls, to further secure patient information. Policies and procedures were reviewed, particularly the updating of patient information and the safe disposal of the same when no longer needed.
No report has been received about the possible misuse of any information that the laptop contained. However, the patients were cautioned to review their statements of transactions from healthcare providers and insurance companies for services which they did not receive.
Solis Mammography reported the incident to the Department of Health and Human Services’ Office for Civil Rights on December 16, 2018. The breach report mentioned that the patient privacy of around 500 patients were impacted by the stolen device.