Truman Medical Centers located in Kansas City, MO, the biggest inpatient and outpatient services provider in the city, learned that an unencrypted laptop computer that contains 114,466 patients’ protected health information (PHI) was stolen from the vehicle of an employee.
Though the laptop was password-protected, it’s possible to decipher the password and access the information stored on the device. When Truman Medical Centers issued the notices, there was no evidence yet about the access or misuse of any patient information by an unauthorized person.
The laptop contained various types of data for every patient. The information might have included the patients’ names and one or more of these data elements: patient account numbers, birth dates, medical record numbers, Social Security numbers, medical insurance information, and some medical and treatment information, such as diagnoses information, names of provider and dates of service.
The theft transpired on July 18, 2019, nevertheless, it was just confirmed on October 29, 2019 that the laptop contained patient information. Truman Medical Centers already sent breach notification letters by mail to all the people whose PHI was compromised. The center also offered credit monitoring and identity protection services for free to those who had their Social Security numbers compromised.
Employees obtained more HIPAA training in portable device security. Laptop computers issued to employees were likewise installed with extra controls to reinforce security.
Blackberry That Contains the PHI of 2,477 Patients of La Clínica de La Raza, Inc. Stolen
La Clínica de La Raza, Inc. offers primary health care and other services in the counties of California, namely Contra Costa, Solano, and Alameda. It recently identified a portable electronic device stolen on August 20, 2019.
Someone stole the briefcase from the vehicle of an employee, which contained a Blackberry gadget released by La Clínica de La Raza. A computer forensics firm helped La Clínica de La Raza to confirm that that the device stored the PHI of 2,477 patients on October 16, 2019.
The information was obtained from two email messages that were downloaded to the Blackberry unit. The data included in the email messages were names, birth dates, medical record numbers and non-sensitive test information.
Although unauthorized individuals could possibly access the data, La Clínica de La Raza mentioned that PHI access would have been difficult. La Clínica de La Raza informed the impacted patients regarding the breach via mail on December 13, 2019 and gave them complimentary 12-month membership to credit monitoring and identity protection services.
The firm is additionally taking action now to reinforce the protection of portable electronic gadgets and the employees have more training about portable device security.