Detroit Hospital Security Breach

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.clickondetroit.com/news/25801194/detail.html

WDIV Detroit
November 15, 2010

DETROIT, Mich. -- Henry Ford Health Systems has notified patients of a 
possible security breach after a laptop was stolen out of an unlocked 
medical urology office September 24th. Representatives with the hospital 
said although the password was protected there is a possibility some 
personal patient information could be at risk.

The hospital began notifying affected patients in a letter mailed last 
week from Chief Privacy Officer Meredith Phillips. The letter explained 
what happened, what information was stored on the laptop and what steps 
the health system is taking to prevent future breaches of patient 
information.

"The security of our patients' health information is very important to us, 
and we sincerely apologize for what happened," Phillips said. "This laptop 
did not have the proper security protections that we require for laptop 
computers storing patient information."

The laptop contained patient information related to prostate services 
received between 1997 and 2008 and included some but not all of the 
following information: Patient name, medical record number, date of birth, 
mailing and e-mail addresses, telephone number, treatment and doctor 
visits. No Social Security numbers or health insurance information were 
stored on the laptop.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/