596 Houston patients’ information at risk

August 26th, 2013 by admin Leave a reply »

A laptop containing information of nearly 600 orthopedic students was stolen from a doctor affiliated with the University of Texas Health Science Center at Houston.

The University of Texas Health Science Center at Houston, the most comprehensive academic health center in the UT System and the U.S. Gulf Coast region, is home to schools of biomedical informatics, biomedical sciences, dentistry,medicine, nursing and public health. UTHealth educates more healthcare professionals than any other health-related institution in the State of Texas.

Letters notifying about the theft were mailed to the patients 26 days after the un-encrypted laptop was stolen from a locked closet in the orthopedic clinic. The laptop was attached to an electromyography machine used by a member of the health science center’s medical practice group, known as UT Physicians. The investigation for the stolen laptop is still continuing, in conjuction with UT Police.

A letter signed by Andrew Casas, UT Physicians’ chief operating officer said “UT Physicians does not have any reason to believe that the information has been accessed or used by any unauthorized individual. We believe that the laptop may have been taken for the value of the hardware, not to gain access to its data content.”

As told by Casas, the stolen laptop contains patient names, birth dates, medical record numbers and hand and arm image data. It does not include addresses, social security numbers or insurance or other financial information.

He also requested the 596 affected patients to review their health insurance activity as a precaution and report in case of any suspicious activity.

The security breach is just the latest in the Texas Medical Center. Since 2010, there have been incidents at the UT Medical Branch at Galveston, UT M.D. Anderson Cancer Center, Houston Methodist Hospital and Texas Children’s Hospital. M.D. Anderson’s two breaches in 2012 involved the data of more than 32,000 patients.

The UT Houston health science center and physician group had previously encrypted more than 5,000 laptops, but not the laptop in question, said chief information security officer Amar Yousif. He described the computer as “not your typical laptop” because it uses a hard-to-obtain power source and propriety hardware and software. It was never attached to any wired or wireless network and its power cord is not missing.

A physical search of all clinics and offices is being conducted by UT Physicians to ensure there are no other un-encrypted laptops or storage devices attached to medical equipment, Casas’ says in a letter.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Leave a Reply