Accretive Health Addresses Breach

Says Lack of Laptop Encryption Was an 'Oversight'
Accretive Health Addresses Breach

A laptop stolen from an employee of Accretive Health last year was not encrypted "due to the oversight of an individual IT employee," the company says in a 29-page comment letter sent to U.S. Sen. Al Franken, D-Minn. That employee subsequently was fired, the company reports.

See Also: Strengthening Defenses with ISO/IEC 27001 Standards: The Frontier of Canadian Cybersecurity

Sen. Franken has launched an investigation into the Chicago-based billing and collections firm in the wake of the Minnesota attorney general's lawsuit against the company that stems, in part, from the data breach last year that affected more than 20,000 patients. Accretive Health, which wrote the comment letter at the request of Franken, has filed a motion to dismiss the lawsuit (see: Accretive Health Responds to Lawsuit.)

Franken has announced the Senate Health Committee plans to hold a field hearing later this month in Minnesota on Accretive Health's business practices.

Encryption Strategy

In its comments to Franken, Accretive Health also notes that following the July 2011 breach incident it "added redundancies to its IT practices so that multiple employees work independently to ensure that each Accretive Health laptop is properly encrypted. In addition, Accretive Health conducts reviews at least five days a week to confirm that every laptop remains properly encrypted."

The company also notes that it has "begun to upgrade its encryption software to higher than industry standards."

An unencrypted laptop was stolen from the parked rental car of an Accretive Health employee, according to the Minnesota attorney general's lawsuit. It contained healthcare information, as well as some Social Security numbers and other personal data, on patients treated at Fairview Health Services and North Memorial Health Care.

The bulk of Accretive Health's letter to Franken deals with the lawsuit's other allegations regarding its collection practices.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.