SunBridge Healthcare notifies 3, 830 residents of stolen laptop

[security curmudgeon <jericho () attrition org>]

http://www.phiprivacy.net/?p=3070

SunBridge Healthcare notifies 3,830 residents of stolen laptop
By Dissent, July 14, 2010

On July 9, SunBridge Healthcare Corporation of New Mexico issued the 
following press release:

     A password-protected laptop computer, containing resident information 
from 10 states was stolen in May 2010. The states involved are Arizona, 
California, Colorado, Idaho, Montana, New Mexico, Oklahoma, Utah, 
Washington and Wyoming.

     The theft was immediately reported to local law enforcement and the 
company.s privacy officer. After thorough investigations by our compliance 
and information technology departments, working with outside experts, we 
concluded that the information on the stolen laptop included names, 
medical record numbers, dates of service, and clinical data, as well as 
social security and health insurance numbers. No credit card data or other 
financial information was stored on the stolen laptop.

     Although there has been no indication that the information on the 
computer has been improperly accessed or misused. The company engaged 
Kroll Inc., to operate a toll-free call center to address any questions, 
address identity theft concerns, and provide comprehensive identity theft 
safeguards to individuals affected by this incident. Kroll.s Fraud 
Solutions team has more experience than any other organization when it 
comes to helping people who have encountered the unintentional exposure of 
confidential data.

     In addition, the company has taken a number of steps to prevent 
further breaches in the future, including reinforcing with its staff the 
proper protocols required to maintain the security of personal 
information. Also, the company.s internal encryption practices have been 
strengthened to ensure that no laptop computers are issued to employees 
without encryption software installed.

     The centers involved are in the process of notifying each of the 
patients, residents or their guardians, as well as the U.S. Department of 
Health and Human Services. These notifications are being made pursuant to 
the Health Information Technology for Economic and Clinical Health Act 
approved in 2009. Individuals who would like more information may call 
1-877-309-0173, toll-free, between 6 a.m. and 3 p.m. (Pacific Time), 
Monday through Friday.

According to the corporation.s report to the U.S. Department of Health & 
Human Services, 3,830 residents had data on the stolen laptop.


_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php