Maintaining security measures and training can help prevent healthcare data breaches.
Healthcare facilities should remain vigilant in their security measures and keep devices containing PHI locked away and encrypted to minimize the possibility of healthcare data breaches. This, along with properly training staff on how to prevent healthcare data breaches, could help mitigate many types of healthcare security issues.
Stolen laptop contained info on 5,000 patients
On Dec. 9, ReachOut Home Care Services published a notice on its website regarding the theft of an unencrypted laptop computer that contained protected health information (PHI) of customers who live in the Dallas/Fort Worth area.
According to the notice, the theft happened in October at the offices of ReachOut Home Care in Richardson, Texas. Approximately 5,000 individuals had their information potentially exposed. The computer contained names and claims data for patients, according to the statement. Moreover, Medicare identification numbers were included in a few cases.
ReachOut explained that it has policies and procedures in place to maintain the security of its members’ information. However, the organization added that it is taking additional steps because of this incident. ReachOut will review its technical security procedures and will inventory and review all of its equipment that maintains PHI to ensure that everything is encrypted.
“At this time, ReachOut Home Care has no reason to believe the information has been used inappropriately,” the notice explained. “ReachOut Home Care is in the process of notifying all of its customers whose information was on the computer and will provide individuals whose Medicare identification number was included free access to a credit-monitoring service that can help them protect against potential misuse of their information. We are strongly encouraging these ReachOut Home Care customers to enroll for the free service.”
PHI exposed online, searchable on Google
In October, the District Medical Group (DMG) discovered that an unknown number of patients’ PHI was potentially made accessible on the Internet.
Once the problem was discovered, DMG immediately began an investigation, according to a company statement. The organization discovered that an employee working at home used a thumb drive that contained patient billing information. The employee connected the thumb drive to their home network, and a security vulnerability made the contents of the thumb drive potentially accessible online.
The documents and information on the thumb drive could be located through search engines such as Google while the drive was connected. The thumb drive included patients’ names, dates of service, names of the departments where the patients were treated, refund amounts, and, in some instances, Social Security numbers. Credit card and banking information were not included on the thumb drive.
DMG promptly removed the information from the internet once the possible breach was discovered and said it worked to remove the data from search engines as well.
DMG indicated that it has no reason to believe that the information was maliciously used. However, notification letters were sent to potentially affected patients on Dec. 12. DMG also established a dedicated call center to answer any questions affected patients may have.
“We deeply regret any inconvenience it may cause our patients,” the statement read. “To help prevent something like this from happening in the future, we have taken a number of actions, including providing education to the involved employee and re-educating all employees regarding the protection of sensitive information. In addition DMG is reviewing and updating pertinent policies and procedures regarding data privacy and security.”