- After an employee’s laptop was stolen, Alabama-based Pathways Professional Counseling has announced that it experienced a PHI data breach.
“Pathways Professional Counseling is notifying affected service recipients of a data security event that has affected the security of some of their information,” the hospital said in a statement. “Pathways Professional Counseling is providing notification of this incident to affected individuals so that they may take steps to protect their information should they feel it is appropriate to do so.”
According to a hospital statement, the breach occurred on September 25, 2015, after an employee’s company-issued laptop was stolen out of his car. Pathways explained that the theft was immediately reported to both local police as well as Pathways Professional Counseling.
Pathways also reported it disclosed the breach to the Department of Health and Human Services (HHS) per HIPAA regulations, however information regarding the breach has not yet been entered into the HHS health breach database at the time of this article’s publication.
Potentially disclosed patient information includes patient names, Social Security numbers, dates of birth, addresses, treating physician names, diagnoses or clinical information, phone numbers, email addresses, demographic information, health insurance information, treatment information, and medication information.
Although neither Pathways nor the local authorities have recovered the stolen laptop, the device was password protected, and both parties confirm that there is not evidence of wrongdoing or fraudulent practice with the laptop.
However, Pathways reported that it still took several security precautions. For example, it traced what information could have potentially been stored on that specific device, it changed the employee’s security credentials, and it ended the device’s network connectivity abilities.
Furthermore, Pathways has offered one year free credit monitoring to all potentially affected individuals. Pathways reportedly included information on how to enroll in this credit monitoring in its notification letters, which were sent on November 24.
Pathways also provided suggestions for fraud monitoring, including receiving free credit reports annually and monitoring bank and credit accounts.
The healthcare industry has experienced several other similar healthcare data breaches in recent months. In October, Georgia’s Department of Behavioral Health and Developmental Disabilities (DBHDD) announced a health data breach also as the result of an employee laptop stolen from a car.
Potentially disclosed information in this case included patient names, addresses, phone numbers, dates of birth, names of guardians, marital status, Social Security numbers, Medicaid numbers, diagnoses, behavioral data and other information. The breach potentially affected approximately 3,397 individuals.