Computer Thefts Expose Over 45,000 Patients’ Personal Data

Three recent burglaries at medical facilities exposed 47,686 patients’ personal information, ranging from their names and years of service to their Social Security numbers, driver’s license numbers and diagnosis information.

South Carolina’s Self Regional Healthcare recently announced that an unencrypted laptop was stolen during a burglary at one of its facilities on May 25, 2014 (h/t Becker’s Hospital Review).

Fox Carolina reports that the laptop held 38,906 patients’ names, Social Security numbers, driver’s license numbers, physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information and financial account information.

When two people involved in the theft were arrested, one of them told police that he threw the laptop into a lake — though divers were later unable to find the laptop.

“We retained third party computer forensic experts to assist with the investigation of this incident, even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop,” Self Regional Healthcare president and CEO Jim Pfeiffer said in a statement. “Because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients’ protected health information.”

All affected patients are being offered one free year of access to Experian’s ProtectMyID Alert service.

California’s Bay Area Pain Medical Associatees recently began notifying 2,780 patients that their personal information may have been exposed when three desktop computers were stolen from its office on May 19, 2014.

While all medical records on the computers were encrypted, an unencrypted Excel spreadsheet on one of the computers held 2,780 patient names and years of service. No financial or medical information was contained in the spreadsheet.

“Please be assured that we have taken every step necessary to address the incident and have changed the security on that document,” the company said in a statement.

All affected patients are being offered free access to identity protection services from AllClear ID.

And Haley Chiropractic of Tacoma recently began notifying 6,000 patients that their personal information may have been exposed when three unencrypted computers were stolen from its clinic on May 10, 2014 (h/t

The computers held the affected patients’ names, addresses, birthdates, Social Security numbers and diagnosis information.

“Haley Chiropractic of Tacoma retained experts to assist in determining the risk to patients and to make recommendations to improve information management and security,” the clinic said in a statement. “The Clinic believes there is a low risk of misuse of patient information but any risk to our patients is unacceptable.”

As Lastline co-founder and CTO Giovanni Vigna recently told eSecurity Planet, breaches like these demonstrate how crucial it is to encrypt computers containing sensitive data.

“You can have all the security you want, but if somebody leaves their laptop unencrypted, someone can just pick it up and have full access to everything,” Vigna said.

Jeff Goldman
Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.

Top Products

Related articles