The Easter Seal Society of Superior California recently began notifying several thousand clients' parents that their children's health records may have been exposed when a work-issued laptop was stolen from an employee's car.
"Upon learning of this incident on December 10, 2013, Easter Seals immediately launched an internal investigation, hired specialized data security counsel to assist in the response to this incident, and retained external forensics experts to assist in determining the scope of this event," Easter Seal Society of Superior California president and CEO Gary T. Kasai wrote in the notification letter [PDF]. "These investigations revealed that although the computer was powered off, password protected, and not connected to the Internet at the time of theft, e-mails containing the health information of certain Easter Seals clients and potential clients could still be accessed."
The e-mails contained the children's names, birthdates, healthcare provider information, healthcare billing information, patient identification numbers and occupational therapy notes.
The Modesto Bee reports that a total of 3,026 Easter Seals clients and potential clients are affected.
"Following this incident we undertook a review of our internal policies and procedures related to protected health information, as well as the enforcement of our employees' adherence to these policies and procedures," Kasai wrote. "All necessary steps are being taken to ensure that this type of event does not occur again in the future."
All those affected are being offered one free year of identity protection services from AllClear ID.