Establishing Digital Trust: Don't Sacrifice Security for Convenience
Kaiser Permanente's Kaiser Foundation Hospital Orange County Anaheim Medical Center recently began notifying an undisclosed number of patients that their names, medical record numbers and birthdates may have been exposed when a USB flash drive was found to be missing on September 25, 2013 (h/t PHIprivacy.net).
"We're making every effort to recover it, have investigated the matter and are taking the appropriate steps to remedy the situation," Kaiser Foundation Hospitals Orange County senior vice president and executive director Julie Miller-Phipps wrote in the notification letter [PDF]. "We have no reason to believe that the information is being used for fraud or other criminal activity. Your Social Security number was NOT contained in the data."
"On behalf of Kaiser Permanente, we offer our sincerest apology that this unfortunate incident occurred," Miller-Phipps added. "We assure you that safeguarding your information is one of our highest priorities."
Still, as PHIprivacy.net observes, there's a lot of information missing from the letter. Was the drive last seen on hospital premises, or was it lost or stolen off site? Was the drive encrypted? Was carrying patient data on a flash drive a breach of Kaiser's policies? And what steps are they taking in response to the breach?https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The notification letter advises patients with questions or concerns to contact Kaiser Permanente at (800) 443-0815.