- Caledonia Home Health and Hospice, located in Vermont, recently alerted patients of a data breach involving an employee’s stolen Netbook on July 20. The device was stolen from their home and Caledonia sent notification letters on August 6.
Susan Johnson, Director of Clinical Care and Performance Outcomes and Compliance Officer of Northern Counties Health Care, Inc., explained what happened to the Netbook in the notification letter and the steps patients need to take to protect their identities:
I am writing to you because of a recent security incident at Caledonia Home Health and Hospice. On July 20, 2013 one of our nurses had her work issued Netbook stolen from her home. The Netbook contained the home health program, Palmwyse in which patient protected information, including Social Security numbers, was documented. A police report has been filed with the Vermont State Police. It has been determined that your health information was in the Palmwyse program on the stolen Netbook.
The Netbook was password protected, as was the Palmwyse program. While we think it is unlikely the information could be accessed without the dual password process, it is not impossible. Below is a check list of suggestions of how you can best protect yourself from potential misuse of your personal information…
Here were the steps that Johnson listed for affected patients:
1. Review your bank, credit card and debit card account statements over the next twelve to twenty-four months and immediately report any suspicious activity to your bank or credit union.
2. Monitor credit reports with the major credit reporting agencies (Equifax, Experian and TransUnion). Under Vermont law, you are entitled to a free copy of your credit report from those agencies every twelve months.
3. If you do find suspicious activity on your credit reports or other account statements, call your local police or sheriff’s office and file a report of identity theft.
4. If you find suspicious activity on your credit reports or on your other account statements, consider placing a fraud alert on your credit files so creditors will contact you before opening new accounts. Call any one of the three credit reporting agencies at the number below to place fraud alerts with all of the agencies.
5. If you find suspicious activity on your credit reports or on your other account statements, consider placing a security freeze on your credit report so that the credit reporting agencies will not release information about your credit without your express authorization. A security freeze may cause delay should you wish to obtain credit and may cost some money to get or remove, but it does provide extra protection against an identity thief obtaining credit in your name without your knowledge. If you have Internet access and would like to learn more about how to place a security freeze on your credit report, please visit the Vermont Attorney General’s website.
As PHIPrivacy.net reports, we don’t know whether the Netbook was encrypted. But Caledonia likely would have mentioned anything beyond just password protection for technical safeguards in the notification letter.