Unencrypted Laptops Expose Over 400,000 Patients' Medical Data
Far too many unencrypted laptops containing vast amounts of sensitive data are still being left in employees' vehicles.
In three separate incidents, the thefts of unencrypted laptops from healthcare providers potentially exposed more than 400,000 patients' personal and protected health information (PHI).
Home prescription delivery provider OptumRx recently began notifying 6,229 people that their personal information may have been exposed when an unencrypted laptop belonging to an OptumRx vendor was stolen from an employee's vehicle in Indianapolis on March 16, SC Magazine reports.
The laptop held customer names, addresses, health plan names, prescription drug information, prescribing provider information and in some cases, birthdates. All those affected are being offered one free year of access to LifeLock identity theft protection services.
In a notification letter [PDF] to those affected, OptumRx chief privacy officer Mitchell W. Granberg stated that the company is working with the vendor in question to put additional protections in place to prevent a similar incident from occurring in the future.
"These measures include additional security requirements on laptops they use for OptumRx work, training and reinforcement of existing policies and practices, and further evaluation of additional safeguards," Granberg wrote.
California's Imperial Valley Family Medical Care Group recently stated that an undisclosed number of patients' personal information may have been exposed when a laptop was stolen from a physician's office on March 21, HealthITSecurity reports.
The information that may have been exposed includes names, addresses, birthdates, personal health information, Social Security numbers, driver's license information and California identification card information.
"Please be assured that we have taken every step necessary to address the incident, and that we are committed to fully protecting all of the information that has been entrusted to us," chief strategic officer Donald G. Caudill wrote in a notification letter [PDF] to those affected.
And California Correctional Health Care Services (CCHCS) recently acknowledged that as many as 400,000 people's personally identifiable information (PII) and PHI may have been exposed when an unencrypted laptop was stolen from a staff member's personal vehicle on February 25, DataBreaches.net reports.
All those potentially affected were patients incarcerated within the California Department of Corrections and Rehabilitation (CDCR) between 1996 and 2014.
"Appropriate actions were immediately implemented and shall continue to occur," CCHCS director of communications and legislation Joyce Hayhoe said in a statement [PDF]. "This includes, but is not limited to, corrective discipline, information security training, procedural amendments, process changes and technology controls and safeguards. As necessary, policies, risk assessments and contracts shall be reviewed and updated."
A recent eSecurity Planet article looked at 7 full disk encryption solutions to check out.
Photo courtesy of Shutterstock.