Hope Family Health of Westmoreland, Tennessee is dealing with the theft of a finance department employee’s unencrypted laptop that held 8,000 patients’ personal information.
Hope has notified patients who visited the organization between 2005 and August 2013 (as well as those who may have canceled appointments) via mail that their names, Social Security numbers and dates of birth have been potentially compromised as a result of the breach. “The information was fingerprint- and password-protected; however, it was not encrypted,” said Chief Compliance Officer Joey Forman to the Tennessean. “We don’t believe that anyone’s information has been accessed or used in any way that could cause harm.”
The laptop has yet to be recovered and though Hope has advised patients to check up on their credit and identity monitoring, it didn’t offer a year of free monitoring or a similar program. Hope has said since that it has augmented security by moving all protected health information over to a state-of-the-art encrypted database server, according to Forman. “We have spent a lot of money and time to avoid anything like this from ever taking place again,” he said.
Former SCDHHS employee pleads guilty in data breach
Back on April 19, 2012, the Department of South Carolina Department of Health and Human Services (SCDHHS) revealed that a Medicaid employee, Christopher Lykes, had illegally transferred an Excel spreadsheet to his personal Yahoo account. About 228,000 Medicaid beneficiaries had their information exposed, including Social Security numbers.
Now Lykes has admitted to four counts of willful examination of private records by a public official and one count of criminial conspiracy, Attorney General Alan Wilson announced, according to thestate.com. Lykes and Toshia Yvette Latimer-Addison were indicted on four counts of willful examination of private records by a public employee back on Feb. 20, 2013. Lykes can receive up to five years in prison, a $5,000 fine, or both.