3 Health Incidents in Breach Roundup
100,000 Affected by 2 Stolen Laptops
In this week's breach roundup, two healthcare incidents involving the theft of unencrypted laptops affected a combined total of nearly 100,000 patients, and another incident affected Medicaid recipients in Kentucky.
Stolen Laptop Affects Indiana Patients
An unencrypted laptop containing information on about 29,000 patients at Gibson General Hospital in Princeton, Indiana, was stolen from an employee's home Nov. 27.
Information on the laptop included patient names, addresses, Social Security numbers and/or clinical information, according to a hospital statement.
The hospital is sending notification letters to patients treated at the hospital since January 2007, the statement said. The laptop, which has not yet been recovered, was being used by a hospital employee whose job required access to the hospital's electronic medical records system.
Affected individuals will receive one year's worth of free credit monitoring.
Vendor Omnicell Describes Breach
An unencrypted laptop was stolen Nov. 14 from the locked car of an employee at Omnicell, which sells automated medication dispensing systems (see: Lessons from Business Associate Breach). The device contained information on more than 68,000 patients treated at three healthcare organizations that are Omnicell customers: Sentara Healthcare, Hampton Roads, Va.; South Jersey Healthcare, Vineland, N.J.; and University of Michigan Health System, Ann Arbor, Mich.
Each of the organizations has notified the affected patients, who include about 56,000 individuals treated at various Sentara hospitals and outpatient facilities; more than 8,500 patients of South Jersey Healthcare; and nearly 4,000 patients of UMHS.
The Omnicell laptop contained medication dispensing cabinet log files from those three organizations. In a statement, Omnicell said the files contained patient names, admissions records data, and technical data about medication dispensing transactions from drug dispensing cabinets over a one- to three-week period. The data was downloaded by the employee while troubleshooting software for the hospitals.
Medicaid Breach Affects 1,000
The Cabinet for Health and Family Services in Kentucky, the agency which administers Medicaid for the state, is notifying 1,090 Medicaid clients that their information may have been compromised in a breach involving a subcontractor to Hewlett-Packard Enterprise Services, the vendor that manages Medicaid's information management system.
An employee of Carewise Health, the subcontractor of HP Enterprise Services, responded to a telephone computer scam, which resulted in unauthorized access to a computer containing a database with information on the Medicaid clients.
Once the breach was discovered, the laptop was disabled and the state agency was notified.
The database included health information as well as Social Security numbers for fewer than half of the individuals.
HP Enterprise Services is providing free credit monitoring services for those affected for one year.
Army Staff Information Breached
About 36,000 individuals who worked for or visited the now-closed Fort Monmouth in Oceanport, N.J., had information breached after computer hackers accessed their personal information.
Compromised information includes names, dates and places of birth, Social Security numbers, home addresses and salaries, according to Army spokeswoman Andricka Thomas, who provided a statement to a local newspaper.
Affected individuals are being offered free credit monitoring services for one year, the newspaper reports.