A California-based dentist announced a data breach after an external hard drive containing patient information was stolen. John E. Gonzalez, DDS, said in a statement that his car window was broken and a briefcase containing the hard drive was taken. Gonzalez maintained that there was a low risk of the data being exposed because it was not readable. He also added that the data was unencrypted.
Affected information includes Social Security numbers, driver’s license numbers, phone numbers, dates of birth, physical and email addresses, and health insurance information. However, passwords, user names, complete credit card information, and bank information were not stored on the drive. The last four digits of the most recently used credit card were stored.
“Pictures of patient cases (teeth only, no faces) that included patient first and last names and phone numbers were saved on the drive,” Gonzalez said. “These files of pictures are stored in jpeg format and can be opened easily.”
According to the OCR data breach reporting tool, 1,057 individuals were affected by this incident.
“After numerous consultations with the dental software company, I am convinced the risk of any unauthorized person being able to access the medical records information (which is listed above) is incredibly low as the software is HIPAA compliant,” wrote Gonzalez. “We have placed other safeguards with that company which require PIN and caller ID verification to prevent any access to this data by an unauthorized party. All data of patient records is in unreadable format; it cannot be opened without extreme effort, costly purchases, and expert guidance.”
Gonzalez said that patients should regularly review the explanation of benefits sent by their health insurer for any unauthorized procedures and check their credit reports for bills they do not recognize. For any discrepancies, placing a fraud alert will also help.
Gonzalez also said in the statement:
I am truly sorry to have inconvenienced you, my patients, with this unfortunate event. This theft did not happen in the office. The thief did not break into a medical facility, but rather a car parked in a commercial structure and therefore was not targeting this kind of information.