Lawyers for Olartino Dyoco, M.D., a physician in California, are notifying his patients that some of their information was on computers stolen during an office burglary. The burglary was discovered on June 2. The stored billing information included:
Names and addresses, birth dates, telephone numbers, insurance numbers, treatment codes, and billing information”
The incident was reported to the Fresno Police Department; their report number 15-38894.
The notification letter, a copy of which was submitted to the California Attorney General’s Office, makes a somewhat interesting claim, however:
The circumstances that resulted in this breach were unforeseeable,
In any event, according to his lawyers, Dr. Dyoco
has heightened procedures and safeguards to prevent a recurrence of this situation. He added levels of encryption to his computer systems, and advised his staff with regard to security training anything to avoid this situation in the future.
“Added levels of encryption?” Was there any encryption at all? If there was encryption but it was not NIST-grade, then he would have had to report this, but it’s not clear from the letter whether there was any encryption to begin with.
Patients (or their parents) having questions can call the doctor’s lawyer, Christian Koster, of Schuering Zimmerman & Doyle, LLP, at the toll-free number provided in the notification letter.
All in all, this letter would have come across much better, in my opinion, if it had been written as coming directly from the doctor, with an apology coming directly from him for the inconvenience and worry his patients may now experience. What do you think?