In the month of January, when Premier Healthcare found that a laptop holding secured health data had been stolen, the condition looked bleak for the large group practice in the Bloomington, Ind.
Data on the laptop was not encrypted, and over206, 000 sufferers required to be notified; almost 1,800 of those sufferers would have had their Social Security numbers or financial data at danger. That would have resulted in the practice having to provide identity protection services, an expensive charge on top of other breach-regarded expenses.
But in a fortunate turn of occasions, the laptop was given back by mail to the contributor during the 1st week of March, the agency recently declared. A forensic investigation by security firm Pondurance discovered that the laptop had not been powered on since it went missing, and further investigation observed no evidence that data on the computer was ever accessed, in accordance to a Premier Healthcare statement.
Still, damage has been done. Premier Healthcare notified sufferers of the theft, which charges money and negatively impacts an agency’s reputation with its sufferers. It is not obvious whether Premier had started attempts to offer identity protection services to patients, a breach response action that can be costly and fluctuates deployed on the level of insurance coverage. Premier Healthcare did not respond to appeals for more data.
Due to the circumstances of the case and the evidential proof, the violation is deemed to have not appeared. If forensics shows there was no acquisition, access, utilization or disclosure of protected health information, then there is no violation, claims Tom Walsh, president at tw-security. “It is a data security tragedy and should be reported and recorded as such internally,” he claims.
Further, Premier Healthcare likely is a far more secure agency now, having embarked after the violation to encrypt all computers and tighten security plans.
Visitor Rating: 5 Stars
ReplyDelete