Nov 162018
 

From their notice:

On September 5, 2018, FHN Family Counseling Center (“FHN”) learned that a password-protected laptop was stolen out of a FHN employee’s vehicle. The employee immediately notified law enforcement, but the laptop has not yet been recovered. Upon learning of the incident, FHN immediately initiated an investigation to determine the scope of the incident and the impact on our patients. FHN determined that the laptop contained certain aspects of our patients’ personal information, which may include those patients’ name, address, date of birth, medical record number, insurance information, medical information, Social Security number and driver’s license number.

On November 2, 2018, FHN sent written notification to all potentially impacted individuals for whom we have contact information, and has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were involved in the incident.

Affected individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. In general, we recommend, as a precautionary measure, that any impacted individuals remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general.

Affected individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheftor call 1-877-ID-THEFT (1-877-438-4338). Affected individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

FHN has a robust program in place to encrypt all laptops. We determined that, due to an isolated technical issue involving our encryption software, the specific laptop at issue was not encrypted at the time of the incident. FHN took steps to immediately re-encrypt all laptops affected by this technical issue and to re-train the employee whose laptop was stolen, as well as all employees, on safeguarding mobile devices.

FHN apologizes for any inconvenience or concern this incident might cause the affected individuals. Additional information is available via a confidential, toll-free inquiry line at 1-877-728-0077 between 8:00 a.m. and 5:00 p.m., Central Time, Monday through Friday.

According to their notification to HHS, 4,458 patients had information on the stolen laptop or were being notified of the theft.

Nov 122018
 

Anthony Vecchione reports:

Summit Medical Group said Monday it is looking into an incident of a possible security leak of patient data.

SMG said it became aware of the potential unauthorized disclosure of patient medical records Sept. 5 when management and privacy office personnel were notified a notebook maintained by a medical assistant in the dermatology office in Berkeley Heights was misplaced and was not recovered.

In a statement, SMG said that it launched an investigation into the incident and determined that the notebook was maintained by the medical assistant to track all of the patients to whom she provided health care services.

The employee kept the notebook at the facility and reported that the book never left the dermatology office, according to SMG.

Read more on NJBiz.

The following is SMG’s press release, issued November 2:

BERKELEY HEIGHTS, N.J., Nov. 2, 2018 /PRNewswire/ — Summit Medical Group (“SMG”) is taking action after discovering an isolated incident that may impact the security of information relating to a limited number of SMG patients.

On or around September 5, 2018, SMG became aware of the potential unauthorized disclosure of patient medical records when SMG management and Privacy Office were notified that a notebook maintained by a medical assistant in the dermatology office at Berkeley Heights was misplaced and unable to be recovered. SMG immediately launched an investigation into this incident, and it was determined that the notebook was maintained by the medical assistant to track all of the patients to whom she provided health care services, to assist her with following up with patients. The employee kept the notebook at the facility and reported that the book never left the dermatology office. This cataloging of the information in the notebook began around January 12, 2018 and included information pertaining to all patients seen by the employee through September 5, 2018, when the employee could not locate the notebook. Management and the Privacy Office conducted interviews of employees, reviewed security footage, and searched the office, but found no trace nor evidence of the notebook.

While the information present in the notebook varies by individual, SMG’s investigation determined that the information that may have been affected includes: name, date of birth, address, home telephone number, insurance policy number, Medicare ID (which can also be a patient’s Social Security Number), and treatment information.

While SMG has no evidence that any information involved in this incident has been subject to actual or attempted misuse, SMG is mailing notice letters to individuals who may have been affected by this incident. SMG is also encouraging potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanations of benefits, and to monitor credit reports and explanation of benefits forms for suspicious activity and to detect errors.

SMG is providing potentially impacted individuals information on obtaining a free credit report annually from each of the three major credit reporting bureaus by visiting www.annualcreditreport.com, calling 877-322-8228, or contacting the three major credit bureaus directly at: Equifax, P.O. Box 105069, Atlanta, GA, 30348, 800-525-6285, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680-7289, www.transunion.com.

Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state Attorney General. SMG will be providing notice of this incident to the U.S. Department of Health and Human Services, as well as required state regulators.

SMG understands that patients may have questions about this incident that are not addressed in this release. If you have questions or concerns, please do not hesitate to reach out to SMG’s Patient Relations Department via [email protected] or 908-977-9499 Monday – Friday, 9am – 5pm ET, excluding national holidays.

About Summit Medical Group

Recognized as New Jersey’s premier multispecialty medical group, Summit Medical Group has more than 80 locations in seven northern New Jersey counties. Summit Medical Group’s 800+ practitioners cover more than 80 medical specialties and services, with a focus on delivering patient-centered and coordinated care. Summit Medical Group’s unique care model recently expanded nationally with the founding of Summit Medical Group Oregon – BMC Total Care and Summit Medical Group Arizona. Additionally, Summit Medical Group is the only healthcare provider in northern New Jersey to offer patients access to the world-renowned MD Anderson Cancer Network® through Summit Medical Group MD Anderson Cancer Center. For more information, visit www.summitmedicalgroup.com.

SOURCE Summit Medical Group

Related Links

http://www.summitmedicalgroup.com

Nov 122018
 

There’s a follow-up to an insider-wrongdoing case previously reported on this site as affecting 4,600 patients of Chilton Medical Center. The following press release appeared October 26:

Morris County Prosecutor Fredric M. Knapp, and Chief Brian C. Spring of the Pequannock Township Police Department announce the sentencing of Sergiu Jitcu, age 39, of Saddle Brook, New Jersey, on Computer Criminal Theft charges.

On or about November 8, 2017, the Morris County Prosecutor’s Office was contacted by Chilton Medical Center Director of Security who reported a theft of computer equipment from the facility by the defendant. The defendant is now a former IT employee at Chilton Medical Center. The Morris County Prosecutor’s Office Specialized Crimes Division was advised that Chilton Medical Center received information from a resident of Wisconsin that he had purchased a computer hard drive on eBay from the defendant and this computer hard drive contained personal identifying information of individual(s) who may have been treated at Chilton Medical Center. The Morris County Prosecutor’s Office Specialized Crimes Division commenced an investigation into the allegation and, ultimately, executed a Search Warrant on the defendant’s residence and motor vehicles resulting in the seizure of various computer equipment and additional items belonging to Chilton Medical Center. Subsequent investigation has revealed that at least one (1) computer storage medium, which was sold on eBay by the defendant, contained data/data bases with personal identifying information of patient(s) of Chilton Medical Center. On or about December 15, 2017, Chilton Medical Center sent notifications to patients, identified as potentially being effected by the theft, who had been treated at Chilton Medical Center advising of the incident.

The defendant plead guilty, on September 4, 2018, to the following offenses based on the defendant’s criminal activity on various dates between January 1, 2015 and November 8, 2017:

• 1 count of Computer Criminal Activity, i.e. computer theft by accessing data, data base, computer storage medium or computer equipment without authorization or in excess of the authorization, in violation of N.J.S.A. 2C:20-25a, a crime of the Third degree; and
• 1 count of Theft, i.e. the taking of computer equipment from Chilton Medical Center, in violation of N.J.S.A. 2C:20-3a, a crime of the Third degree.

On October 26, 2018, the Hon. Stephen J. Taylor, P.J.S.C., Superior Court of New Jersey, Morris Vicinage, sentenced the defendant to non-custodial probation for a term of five (5) years with the special condition that the defendant make restitution, via monthly payments thru the Morris County Probation Department, to Chilton Medical Center in the amount of $64,250.00.

Prosecutor Knapp would like to thank the Morris County Prosecutor’s Office Specialized Crimes Division, Financial Crimes Unit, Pequannock Township Police Department, Saddle Brook Police Department and Chilton Medical Center whose efforts contributed to the investigation and prosecution of this case.

Inquiries concerning this press release should be directed to Public Information Officer Peter DiGennaro at [email protected] or 973-829-8159.

Source: Morris County Prosecutor, October 26

Nov 072018
 

Julie Iles reports:

A stolen, unprotected work laptop has put at risk the confidential details of more than 80 legal aid clients.

The laptop was taken in a September burglary of the home of a recently resigned legal aid lawyer, Ministry of Justice chief operating officer Carl Crafar said.

The laptop contained the confidential details of at least 83 of the lawyer’s former clients and was not password protected.

Read more on Stuff.