Medical Practice has notified 3000 patients who have suffered data breach due to employees who tried to contact them with intention of starting own business. Still there are conflicting reports about the involvement of a business associate (BA) and the dates of breaches. Information which was affected included patient names, addresses, telephone numbers, dates of birth, Social Security numbers, and health conditions.
According to the reports, Medical Practice, located in Owensboro, KY, the breach occurred three years ago and Director of Research for Owensboro Medical Practice, Timothy Hillard said he knew of the incident.”Even if it was one patient, that one patient’s information is highly important to us and not the entire medical records were taken but demographics such as name, date of birth, age, social security number, which is, you know, very concerning to us.”
According to the statement:
On or about July 24, 2014, Owensboro Medical Practice, PLLC, and its business associate, Research Integrity, LLC, learned that a spreadsheet containing protected health information was wrongfully copied and removed from the offices of Research Integrity by a former employee. This occurred despite the fact that only properly authorized persons at Research Integrity had access to the spreadsheet.
Owensboro Medical Practice and Research Integrity are both investigating the incident and taking steps to ensure that patient information is secure. The companies are also pursuing the return of all hard copies of all information from the spreadsheet, the deletion of all computerized versions of such information on a permanent basis, and permanent injunctions against the persons or entities who had possession of the data from utilizing such data in the future.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.