From: security curmudgeon (jerichoattrition.org)
Date: Mon Sep 13 2010 - 16:25:35 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.phiprivacy.net/?p=3070

SunBridge Healthcare notifies 3,830 residents of stolen laptop
By Dissent, July 14, 2010

On July 9, SunBridge Healthcare Corporation of New Mexico issued the
following press release:

     A password-protected laptop computer, containing resident information
from 10 states was stolen in May 2010. The states involved are Arizona,
California, Colorado, Idaho, Montana, New Mexico, Oklahoma, Utah,
Washington and Wyoming.

     The theft was immediately reported to local law enforcement and the
company.s privacy officer. After thorough investigations by our compliance
and information technology departments, working with outside experts, we
concluded that the information on the stolen laptop included names,
medical record numbers, dates of service, and clinical data, as well as
social security and health insurance numbers. No credit card data or other
financial information was stored on the stolen laptop.

     Although there has been no indication that the information on the
computer has been improperly accessed or misused. The company engaged
Kroll Inc., to operate a toll-free call center to address any questions,
address identity theft concerns, and provide comprehensive identity theft
safeguards to individuals affected by this incident. Kroll.s Fraud
Solutions team has more experience than any other organization when it
comes to helping people who have encountered the unintentional exposure of
confidential data.

     In addition, the company has taken a number of steps to prevent
further breaches in the future, including reinforcing with its staff the
proper protocols required to maintain the security of personal
information. Also, the company.s internal encryption practices have been
strengthened to ensure that no laptop computers are issued to employees
without encryption software installed.

     The centers involved are in the process of notifying each of the
patients, residents or their guardians, as well as the U.S. Department of
Health and Human Services. These notifications are being made pursuant to
the Health Information Technology for Economic and Clinical Health Act
approved in 2009. Individuals who would like more information may call
1-877-309-0173, toll-free, between 6 a.m. and 3 p.m. (Pacific Time),
Monday through Friday.

According to the corporation.s report to the U.S. Department of Health &
Human Services, 3,830 residents had data on the stolen laptop.

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]