Keeping your organization secure starts with understanding the physical risks you face. That’s why Senseon keeps track of the most recent physical data breach announcements each month. If you’re interested in learning more about measures you can take to minimize the risk of your facility ending up on this list, we can help.
Coplin Health Systems has notified approximately 43,000 patients after a hospital laptop was stolen from an employee’s vehicle in November. It’s believed that the laptop housed documents with patient names, addresses, SSNs, dates of birth as well as financial and health information. The laptop was password protected and outfitted with other security features, but the hard drive was not encrypted.
Coplin’s IT department immediately disabled the employee’s network access and is currently monitoring the situation. So far, it does not appear that anyone has tried to use the device to access the hospital’s network. According to their letter, Coplin is working with law enforcement to address the issue and prevent future incidents. They have also promised to ensure that internal policies and procedures are followed and to conduct a review of the security precautions to identify areas that might be in need of supplementation.
An unencrypted portable hard drive went missing from a bone density testing workstation at Charles River Medical Associates in Framingham, MA in November of last year, putting 9,000 patients’ information at risk of exposure. An investigation was conducted, but CRMA officials still could not locate the drive or determine whether any information had been compromised.
The hard drive, which was used for monthly backups of the workstation, is believed to have included names, dates of birth, CRMA patient ID numbers and bone density scan images. CRMA has offered potentially affected patients a year of free credit monitoring from one of the three major credit monitoring companies.
An unencrypted laptop is at the center of the breach of about 1,000 patients at Penn Medicine in Philadelphia. An unencrypted laptop containing patient names, dates of birth, patient account numbers, medical records, as well as medical and demographic information was found to have been stolen from the hospital. Penn Medicine is working with its computer manufacturer, ISP, and police to determine how far-reaching the incident is. As of now, no evidence has been discovered that the laptop, which was password protected, has been turned on or accessed.
Records from the MD Medical Spa and Wellness Center in Hyannis were recently found dumped in New Bedford. The records included social security numbers and licenses printed in the files. The clinic, which closed its doors in 2016, reportedly hired a man named “Dave” to shred the documents. The dumped records were discovered after a nurse decided to leave a tip that bins had been left in the street. It’s been reported that police have picked up the discarded records.
A desktop from Advocate Lutheran General Hospital made its way all the way to the Philippines according to the Chicago Tribune.
The computer was reported stolen on January 8 as a result of a man contacting the hospital to request help unlocking it after claiming he purchased it at a “resale shop.” It’s suspected that the computer might have been stolen as far back as August though no report was made until January 7. A spokesperson for Advocate Lutheran General said that the computer was “encrypted with advanced security software” but that it was not used to store medical records or patient information.
The American Journal of Managed Care recently released the results of a study that used data from the Office of Civil Rights to examine breaches that affected 500 or more individuals between 2009 and 2016. The objective was to describe the location within hospitals where data is breached, the type of breaches that occur most frequently, and associated hospital characteristics.
The study found that hospital breaches affected the largest number of individuals and that while network server breaches affected the highest number of patients overall, paper and film breaches were the most common location of breached data. The study recommends that hospitals should conduct routine audits of vulnerabilities and improve access control to help prevent breaches.