Health Data Breach: St. Mary’s Janesville Hospital

September 18th, 2013 by admin

St. Mary’s Janesville Hospital of Wisconsin sent notice to 629 patients informing them about the recent data breach in which an unencrypted laptop was stolen from an employee’s car.

After this health data breach involving theft of an unencrypted laptop was reported, healthcare organizations will start thinking about forming strict policies regarding encrypting and storing devices such as laptops that contain health information.

Compromised health information of 629 patients was stored on the laptop. It may have included information such as medical record, patient name, date of birth and account numbers, provider and department of service, bed and room number, date and time of service, visit history, complaint, diagnosis, procedures, test results and vaccines. Information that was not compromised included Social Security numbers, addresses, credit card numbers and financial information.

According to PHIPrivacy.net, St. Mary’s Janesville Hospital published a notice on its website explaining that the stolen laptop was not encrypted and that this was against its security policies.

In a statement, St. Mary’s Hospital said, “We have no reason to believe the laptop was stolen to gain access to patient information or that this information has been accessed or misused in any way. In fact, the computer was configured in such a way that information could not be written to the hard drive. Email information, however, was stored on the hard drive and password protected but not encrypted, which was in violation of St. Mary’s Janesville Hospital policy. We take our responsibility to protect patient information very seriously.”

St. Mary’s also added that it will be working with ID experts to help patients with identity and credit monitoring. “We have inspected all laptops to ensure they all have encryption software. We will actively be monitoring consistency of laptop encryption and conducting monthly audits to ensure compliance with our encryption policies.”

While the blame here falls on the laptop not being encrypted, the question is whether the device should have been in the employee’s car in the first place. Nothing could have been done about thieves breaking into a car, but given the data breach incidents that involve this type of theft, organizations need to be stricter about device storage.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
