Kidney care and dialysis company DaVita recently began notifying 11,500 patients and some employees that their names, diagnoses, insurance information and dialysis treatment information may have been exposed when a password-protected but unencrypted laptop was stolen from an employee’s vehicle (h/t HealthITSecurity).
For approximately 375 patients, the information on the laptop also included their Social Security numbers.
“Although DaVita maintains a company-wide program and policy requiring encryption of laptop computers, we discovered that the encryption technology on this particular device had been uninentionally deactivated,” the company stated in the notification letter [PDF].
While there’s no indication at this point that the data was accessed or used, the 375 patients whose Social Security numbers were on the laptop are being provided with a year of free credit monitoring and identity protection from ID Experts.
“We sincerely apologize for any inconvenience or concern this incident may cause our patients,” DaVita spokesperson Skip Thurman said in a statement. “DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures.”