United HomeCare Services, Inc. notified 13,617 affected patients via individual letters that a laptop containing information ranging from names and addresses to dates of birth and Social Security numbers back in February. And on Mar. 8, they were all sent a second letter alerting them that that information may have included names, social security numbers, dates of birth, home addresses, service dates, health plan numbers, diagnoses and diagnostic or treatment service codes.
Having this type of information on the laptop is disconcerting because though it had password protection, according to PHIPrivacy.net, it hadn’t been encrypted. While it was scheduled to be encrypted soon, a billing manager took a laptop home with her and it was stolen from her car on Jan. 9.
United HomeCare Services, Inc. will offer two years of free credit monitoring for patients affected by the breach. PHIPrivacy also reports that the organization has said all of their laptops are now encrypted and are in full compliance with their encryption policy. And now all employees have been retrained laptop and client record privacy and security.
Here is an excerpt from the Mar. 8 patient notification letter:
- The police were immediately notified by the employee whose laptop was stolen. A case report was completed and the final report is being prepared.
- In addition to alerting the police, UHC hired a private detective to conduct an investigation of the incident.
- UHC has ensured all of the company laptops are encrypted and are in full compliance with UHC encryption policy. All employees have been retrained on maintaining the security of their laptops and the privacy of client records.
- UHC has made arrangements to offer clients credit protection monitoring for two years at no cost to clients. Clients have been provided with written instructions to take advantage of this offer, and UHC has provided them with additional information on identity theft protection.
- UHC has informed clients that UHC will never call clients to ask for bank account numbers or similar financial information, and alerted them to contact UHC if they receive a phone call asking for personal information that seems suspicious.