Vendor error leads to data breach

October 16th, 2016 by admin Leave a reply »

Arkansas-based Baxter Regional Home Health Facility (Baxter Home Health) recently suffered data breach affecting patients and employees. The incident may have resulted in exposing some of their information. According to the Baxter Home Health, break-in took place at its Cotter facility overnight. Hard copy files which contained certain patients and employees information was present in the facility.

“We have no information to suggest that any records were viewed or removed from the facility, and none of our electronic records or computer systems were impacted,” Baxter Home Health said in its statement. “We are nonetheless providing notice to potentially-affected patients and employees out of an abundance of caution.”

Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, government identification numbers, insurance identifiers and diagnostic information. Employee information may have included names, addresses, phone numbers, dates of birth, licensure information, and information about previous employers.

Facility contacted Law enforcement. It also mentioned that it has conducted an internal investigation and assessment of its own security practices. It is also offering 12 months of complimentary identity protection services. The services taken from identity monitoring services company helps to detect possible misuse of personal information and provide identity protection support focused on immediate identification and resolution of identity theft.

“We are currently working to increase security measures at the facility, and to that end, have changed locks and will be installing cameras and alarm systems to better secure this facility,” the facility said.

Baxter Home Health did not mention number of affected individuals. As per the OCR data breach reporting tool, total 2,124 individuals’ information was impacted by the incident.

As per the statement mentioned on the website, affected individuals are asked to do following:

We want to make potentially affected individuals aware of steps they can take to guard against fraud or identify theft. We recommend that individuals carefully check their credit reports for accounts they did not open or for inquiries from creditors they did not initiate, and to call the credit agency immediately if they see something they do not understand. Any suspicious activity on a credit report should be reported to the local police or sheriff’s office. Individuals should file a police report for identity theft and get a copy of it, since it may be necessary to give copies of the police report to creditors to clear up fraudulent records.


Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Leave a Reply