Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Michigan Department of Community Health (MDCH) recently announced that 2,595 people's personal information may have been exposed when a laptop and flash drive were stolen from an employee of the State Long Term Care (LTC) Ombudsman's Office on the evening of January 30, 2014 or the early morning of January 31, 2014 (h/t PHIprivacy.net).
MDCH learned of the theft on February 3, 2014 and notified the police, but the laptop and flash drive have not been recovered.
While the laptop was encrypted, the flash drive was not.
The unencrypted drive contained 2,595 names and addresses, and in some cases, birthdates. In 1,539 cases, the drive also contained the affected people's Social Security numbers or Medicaid identification numbers.
"MDCH takes any potential breach of security with the utmost seriousness and sincerely regrets that this breach occurred," MDCH chief deputy director Nick Lyon said in a statement. "We are working swiftly to notify any individuals who may have been impacted and with staff to tighten our security procedures going forward."
All those whose Social Security numbers or Medical identification numbers were compromised are being offered free access to credit monitoring services.
"The State LTC Ombudsman program is reviewing its data security processes to prevent any future data breaches, and the MDCH is conducting additional training on data security, in particular portable electronic devices, for the Ombudsman’s office and MDCH employees," MDCH said in a statement.