Oregon-based Northwest Primary Care (NWPC) sent data breach notification to approximately 5,300 patients. As per the report, personal information was inappropriately accessed by a former employee. Former NWPC employee stole patient names, dates of birth, Social Security numbers, and credit card numbers.
“Northwest Primary Care will not tolerate any violation of our patients’ privacy,” NWPC Administrator Michael Whitbeck said in the press release. “The former employee in connection to this violation deliberately and criminally chose to violate established clinic policies, the trust of our patients and the law. We deeply regret that this crime has occurred and for any burden that this incident may cause.
Whitbeck added that this type of data security breach “is unacceptable,” and that NWPC will support the law enforcement investigation into the incident.
The organization mentioned that additional changes will be made to NWPC’s approach to security. It will expand its technology monitoring capabilities and employee training. Specifically, employee training “on safeguarding and accessing patient records to further bolster privacy safeguards.” Moreover, technical precautions will also be added, in an effort to better ensure patient privacy.
As per the statement:
NWPC is an Oregon Family Practice medical clinic that serves the Milwaukie, Clackamas, Sellwood, and Oregon City area. The practice performs reference checks on all employees. Additional background checks are performed for highly sensitive positions, including positions with access to financial data. NWPC has comprehensive policies and procedures, as well as a Code of Conduct, which prohibit employees from accessing patient records when there is not a work-related reason to do so.
Get your personal as well as office laptops encrypted by Alertsec
Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.