Florida-based Rotech Healthcare Inc. recently suffered PHI security breach after patient information was found by police from an unauthorized individual. The incident was the result of unauthorized access and stolen hard drive.
According to Rotech, they got the report on June 13, 2016 that some patient paper records had been recovered by the police. Affected information included names, Social Security numbers, patient numbers, addresses, the name of the Rotech subsidiary company from which individuals received health care services, and possibly phone numbers and/or dates of birth.
Even the incident occurred in June, facility mentioned that they did not receive copies of the stolen information until July 11 only after US Secret Service provided it to them. As per the review, the information had been taken from Rotech systems.
“Rotech takes your privacy and the security of your personal and protected health information very seriously, and we are cooperating with law enforcement’s investigation into this incident,” Rotech Vice President of Compliance and Ethics R. Wayne Bradberry, CHC said in a statement. “Rotech and our third party forensic investigators continue to investigate this incident to identify any additional patients who may be impacted by this incident.”
According to the OCR data breach reporting tool, 957 individuals were potentially affected. All the affected individuals will receive notification. Also, facility mentioned that they are reviewing its current policies and procedures to avoid such type of incident again.
“We sincerely regret any inconvenience this incident may cause,” Bradberry wrote. “Rotech remains committed to safeguarding information in our care and will continue to take proactive steps to enhance the security of the information in our care.”
As per the statement: Steps You Can Take to Protect AgainstIdentity Theft and Fraud
We encourage you to remain vigilant against incidents of identity theft and fraud and seek to protect against possible identity theft or other financial loss by regularly reviewing your financial account statements for any charges you did not make. We also encourage you to notify your financial institutions and health care insurers of this data security event to seek advice regarding protecting your accounts.
We encourage you to review any Explanation of Benefits statements you receive from your insurer. If you see any service that you believe you did not receive, please contact your insurer at the number on your statement. If you do not receive regular Explanation of Benefits statements, you can contact your insurer and request that they send such statements following the provision of services in your name or number. You may also want to order copies of your credit reports and check for any medical bills that you do not recognize. If you find anything suspicious, you can call the credit-reporting agency at the phone number on the report. Keep a copy of this notice for your records in case of future problems with your medical records. You may also want to request a copy of your medical records from your provider, to serve as a baseline.
Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.