Data breach in North Carolina’s Cornerstone Neurology

March 17th, 2014 by admin Leave a reply »

 

Information of 548 patients from Cornerstone Health Care in high Point was stolen which may lead to data breach. Incident came to notice when employees didn’t find the laptop. It contained protected health information (PHI) including patient names, dates of birth, physician names, and nerve conduction scan summaries, but did not have addresses, billing information, or Social Security numbers.

Thief was not able to access additional information as computer was not connected to the billing system or electronic security numbers. Compliance and patient safety officer said, “This wasn’t one of our laptops that our providers use to see all of our patients. Because this computer isn’t integrated into our systems, we didn’t have an easy way to figure out what patients might have been involved.” Officials believe that laptop was not stolen for the information.

Cornerstone after the incident revised its policy and procedures to restrain staff securing sensitive information. It was not clear whether Cornerstone has informed the Department of Health and Human Services (HHS) about the stolen equipment and data breach.

Excerpts of the notice from home page says,

Cornerstone Health Care values the trust placed in us by our patients and takes our responsibility to maintain the confidentiality of our patients’ data very seriously. Regrettably, this notice concerns an incident involving some of that information.

We sincerely regret that this incident occurred. To help prevent similar events in the future, we have installed new locks on all rooms in the facility that contain electronic devices, reviewed our information privacy and security policies, and provided education and training to Cornerstone staff regarding the importance of securing patient information. Please be assured that we take the privacy of our patients’ personal information seriously and that we will continue to implement improvements to protect our patients’ personal information.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Leave a Reply