Kidney care and dialysis company DaVita recently began notifying 11,500 patients and some employees that their names, diagnoses, insurance information and dialysis treatment information may have been exposed when a password-protected but unencrypted laptop was stolen from an employee's vehicle (h/t HealthITSecurity).
For approximately 375 patients, the information on the laptop also included their Social Security numbers.
"Although DaVita maintains a company-wide program and policy requiring encryption of laptop computers, we discovered that the encryption technology on this particular device had been uninentionally deactivated," the company stated in the notification letter [PDF].
While there's no indication at this point that the data was accessed or used, the 375 patients whose Social Security numbers were on the laptop are being provided with a year of free credit monitoring and identity protection from ID Experts.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"We sincerely apologize for any inconvenience or concern this incident may cause our patients," DaVita spokesperson Skip Thurman said in a statement. "DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures."