Sensitive data was potentially breached when an employee stole patient records in an apparent identity theft ring from AltaMed Health Services. According to the reports, 2,995 patients’ were affected by this breach. AltaMed offers a variety of healthcare services and temporary employee should not be given access to patient medical records.
Law enforcement, which was conducting an investigation of the breach informed AltaMed about the breach. Agency has a hard drive that’s believed to hold patient records. Temporary employee working with AltaMed has accessed electronic and paper records and affected patients include those who attended one of its community events in Orange and Los Angeles Counties.
The date breached includes patient names, email addresses, telephone numbers, Social Security numbers, provider information, insurance information, dates of birth, and addresses. “The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again,” The statement said.
AltaMed notified patients, California Department of Public Health, the California Attorney General’s office, and the Department of Health and Human Services (HHS).
Excerpts from the AltaMed Website Statement:
As part of its ongoing commitment to privacy and data security, AltaMed Health Services is issuing this updated website statement notifying affected individuals of a recent incident that may affect the security of their personal and protected health information. The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again.
The organization launched an internal investigation into the matter to determine what AltaMed records this individual may have accessed during her employment. The organization retained information privacy and data security legal counsel to assist with its investigation. This investigation is ongoing.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.