Feb 262019

Priscilla Hwang reports:

This is part 2 of three stories on the stolen laptop files. Here’s part 1. Part 3 is scheduled for next week.

The N.W.T. government employee who was responsible for a laptop with health information for nearly the entire territory’s population had received training on how to securely handle portable devices just two weeks before the laptop was stolen in Ottawa last May, according to documents obtained by CBC.

Between 7:56 p.m. and 9:35 p.m., on May 9, 2018, someone broke into a rented Dodge Grand Caravan parked in the heart of Ottawa’s downtown and stole the government device, according to documents.

Read more on CBC.

Feb 252019

Priscilla Hwang provides a troubling update on a stolen laptop incident disclosed last year.

This story is Part 1 of 3 on the stolen laptop files. Part 2 is scheduled for Tuesday and Part 3 will publish next week.

The number of people whose personal health information was put at risk after a laptop was stolen last year is much higher than the N.W.T. government initially reported, and the data breach affects people from every province and territory in Canada, according to internal documents obtained by CBC News.

Last May, a laptop belonging to an employee with the territory’s Department of Health and Social Services was stolen from a locked vehicle during a business trip in Ottawa. The laptop — used to do statistical analysis — was unencrypted but had a strong password, the Health Department said in announcing the breach last summer.

Read more on CBC.

Would this be an okay time to point out that back in 2018,  I had commented:

The fact that we’re hearing the old “strong password” and “no evidence to believe” lines in 2018 instead of, “Okay, this absolutely should not have happened this way and heads are rolling as you read this” is not encouraging.

Feb 132019

The notice on their web site:

Notice to Our Patients of Recent Privacy Incident

Anesthesia Associates of Kansas City is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice is to inform our patients of an incident involving some of that information.

On December 16, 2018, we learned from an AAKC-employed nurse anesthetist that his bag, containing surgery schedules with patient information, was stolen from his vehicle on December 14, 2018. The theft was reported to law enforcement but the bag and contents have not been recovered. We immediately began an investigation and determined that the patient schedules may have included some patients’ names, dates of birth, types of surgery, dates of surgery, and the name of the patients’ surgeon. Patient addresses, social security numbers, insurance and financial information were not included on the schedules.

This incident did not affect all our patients. The bag only contained a few surgery schedules but we could not specifically determine exactly which schedules were included. In an abundance of caution, we notified certain patients who underwent surgeries from April 4, 2018 to December 14, 2018.

We have no indication that any patient information has been misused in any way; however, we mailed letters to affected patients on February 1, 2019. If you believe you are affected and do not receive a letter by March 1, 2019, please call 1-877-363-7799, Monday through Friday, between 8:00 a.m. and 8:00 p.m., Central Time. We also recommend that affected patients review the statements they receive from their healthcare providers. If they see services they did not receive, please contact the healthcare provider immediately.

We deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we have reinforced our policy prohibiting the non-essential removal of patient information from the facility and implemented new requirements designed to safeguard patient data if there is a necessary reason to take information out of the facility.

Jan 292019

From their notification:

NEWARK, NEW JERSEY – January 18, 2019 – Integrity House has become aware of a potential data security incident that may have resulted in unauthorized access to personal information, including Social Security numbers and limited health information. Although at this time there is no evidence of any attempted or actual misuse of anyone’s information as a result of this incident, we have sent notification letters to potentially impacted individuals to notify them of this incident and to provide resources to assist them. We sincerely apologize for any inconvenience or concern this incident may cause.

On November 25, 2018, we discovered that one of our offices was burglarized. Stolen in the burglary were a number of business computers and tablets. We immediately notified our information technology team, who undertook an investigation to determine what information may have been stored on the devices. We determined that some personal information, including names, dates of birth, Social Security numbers, health insurance information and limited treatment information may have been stored on one of the stolen devices. No financial transaction or payment information was involved in this incident. We have reported the burglary to law enforcement and are cooperating with their investigation.

We take the privacy and security of all information in our control very seriously, and we want to assure you that we are taking steps to prevent a similar event from occurring in the future. These steps include, reviewing and updating our policies and procedures related to physical security at our facilities, encrypting all hard drives for all computer devices, strengthening password requirements and instituting additional policies around the handling of personal information.

We mailed letters to individuals potentially impacted by this event which includes information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. We have also established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 9:00 a.m. to 6:30 p.m., Eastern Time, and can be reached at 1-877-862-9128. In addition, out of an abundance of caution, we are offering identity theft protection and credit monitoring services through Kroll to potentially impacted individuals at no cost.

The privacy and protection of personal information is a top priority for Integrity House and we sincerely apologize for any concern or inconvenience that this may cause you.

You can read the full notification here.  The incident was reported to HHS as impacting 7,206 patients.

Jan 182019

Dallas, TX, January 18, 2019 –(PR.com)– All-Star Orthopaedics is notifying individuals that a hard drive with patient data was stolen on November 20, 2018. At this time, All-Star Orthopaedics has no indication that the private information has been accessed or misused.

On November 20, 2019 (sic), All-Star Orthopaedics discovered a hard drive containing x-rays and other diagnostic images was stolen. The information located on the hard drive is not encrypted; however, special software is needed to access the information.

The stolen hard drive includes x-rays and other diagnostic images. If opened, the image files contain patient names and birthdates. No other information is stored on the images on the hard drive.

All-Star Orthopaedics recognizes the importance of protecting patient information and has implemented new security protocols and safeguards to limit the possibility of the event recurring, including encrypting hard drives prior to transport. All-Star Orthopaedics has notified regulatory and law enforcement agencies, and as a precautionary measure, All-Star Orthopaedics is notifying potentially affected patients about the incident.