DaVita notifies 11,500 patients of laptop theft

October 16th, 2013

Laptop theft continues to be a major source of healthcare data breaches: Colorado-based kidney care company DaVita has alerted 11,500 patients and some employees of a breach.

According to a notice on the DaVita website, “DaVita has determined that personal information belonging to approximately 11,500 patients was on the laptop at the time of the theft. In most cases, this information included details such as name, clinical diagnoses (e.g., end stage renal disease), insurance carrier name, claims payment data and dialysis treatment information. For approximately 375 patients, the information stored on the laptop included Social Security numbers. Personally identifiable information for a very small number of DaVita teammates was also stored on the laptop. All affected individuals will receive letters with additional information.”

An unencrypted but password-protected laptop was stolen from an employee’s car. The laptop held data such as names, clinical diagnoses, insurance carrier names, claims payment data and dialysis treatment information, as well as the Social Security numbers of 375 patients. After alerting law enforcement, DaVita said that it is in the process of notifying patients of the breach and will provide one year of credit-protection services, including credit monitoring, identity recovery assistance and identity theft insurance, through ID Experts.

“We sincerely apologize for any inconvenience or concern this incident may cause our patients. DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures,” said Skip Thurman, a DaVita spokesperson.

According to DaVita, the mandated encryption on the device had been unintentionally deactivated.

How did DaVita not know that the encryption had been turned off? Had proper notifications been set up to monitor technical safeguards, the company could have encrypted the laptop before it was stolen.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gather. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
