Genesis Rehabilitation Services Acknowledges Security Breach


Pennsylvania's Genesis Rehabilitation Services (GRS) recently began notifying 33 employees, agency employees and applicants that their personal information may have been exposed when a GRS employee's USB drive that had been left in a secure office at GRS' Lebanon Center was found to be missing on September 3, 2013 (h/t

The missing drive contained 33 names, addresses or e-mail addresses and Social Security numbers.

While there's no indication that the information was inappropriately accessed or used, the incident was reported to law enforcement.

"Since then, we have taken the following steps to ensure that something like this does not happen again: immediately counseled the employee who lost the drive on the importance of following GRS policy that states that only encrypted USB travel drives may be utilized; continuing to encrypt and protect employee and resident data through secure SSL technology; updating our company policies and procedures on data security and privacy; and enhancing company-wide data security awareness of the importance of data security and patient and employee privacy," GRS compliance officer Harry Alberts wrote in the notification letter [PDF].

All those affected are being offered one year of free credit monitoring services from Kroll.