- Montana-based New West Health Services d/b/a New West Medicare recently reported a potential healthcare data breach following a laptop theft.
While the New West announcement did not specify how many individuals were potentially affected, the OCR data breach reporting tool lists 28,209 people as possibly being impacted.
New West explained that the password-protected laptop was stolen from an off-site location and contained information on past and present New West customers.
Information on the device likely contained customers’ names, addresses, and in some cases driver’s license numbers and Social Security numbers or Medicare claim numbers. Limited information related to some individuals’ Medicare premium payments, including electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and CVV (Card Verification Value) number) may also have been on the laptop.
The privacy and security of members’ information is a top priority. Moving forward, we are committed to taking steps to prevent this type of incident from occurring in the future. These steps include installing additional security on all company laptops, enhancing education for our employees, and strengthening our data security policies and practices.
New West added that there is no indication that the information has been used inappropriately, but out of an abundance of caution, it is offering one year of complimentary credit monitoring to affected individuals. It is also “taking steps to prevent this type of incident from occurring in the future,” which includes installing additional security on company laptops, increasing employee education, and strengthening data security policies.
There were other recent healthcare data breaches in the past few weeks, both involving unauthorized user access.
Blue Shield of California reports data breach for 21K individuals
Blue Shield of California recently announced that one of its vendors recently became aware of a potential data breach after it found evidence of an unauthorized user had gained access to its data systems.
The unauthorized access occurred between September and December 2015, according to Blue Shield, but no Blue Shield data systems were impacted. The incident was reportedly due to misused log-in credentials for certain Blue Shield customer service representatives.
“We are working internally and with our vendor to improve our overall security procedures in order to provide additional protections for your personal information,” explained the notification letter signed by Blue Shield Chief Privacy Officer Molly McCoy Esq., CIPP/US.
Potentially accessed information includes names, addresses, dates of birth, and Social Security numbers.
The OCR data breach reporting tool states that 20,764 individuals were possibly affected by this incident.
Credential misuse leads to incident at Brigham and Women’s
Brigham and Women’s and Brigham and Women’s Faulkner Hospitals (Brigham) recently announced that it had experienced a “privacy incident” where an unauthorized party obtained an employee’s network credentials.
Brigham stated that it learned of the incident on November 13, 2015, and the credentials were used to access an employee’s email account.
The emails potentially contained information including full names, dates of birth, medical record numbers, provider name, dates of service, and some clinical information, such as diagnoses and treatments received. However, health insurance information, health insurance numbers, or other financial or account information were not included.
Approximately 1,000 individuals were affected by this incident, according to the OCR data breach reporting tool.
“We are committed to the security of the sensitive information we maintain and are taking this matter very seriously,” Brigham explained in its notification letter. “To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.”