Solis Mammography notifies 500 patients and HHS after laptop theft
Their press release of December 14:
Ben-Ora, Hansen & Vanesian Imaging, Ltd. d/b/a Solis Mammography (“Solis”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this noticeconcerns an incident that involved some of that information.
On October 17, 2018, we learned that a Solis computer had been stolen from our Phoenix location and was in the possession of an unauthorized individual. We immediately began an investigation, including hiring a leading forensic firm to assist, and reported the theft to law enforcement. Our investigation determined that some patient information may have been contained on the computer. Because we are unable to locate the computer, we cannot confirm the specific patient information that may have been stored on it. The computer is believed to contain information pertaining to approximately 500 patients. This information may have included the patients’ names, dates of birth, insurance information, laboratory results, imaging, and other items. No financial information is believed to be on the computer. We are working with law enforcement, but the computer has not been located to date.
We have no indication that any patient information has been misused in any way. However, out of an abundance of caution, with this notice, we are advising our patients of the incident. We also want to assure our patients that we take this very seriously. We recommend that our patients review statements they receive from their health insurers and healthcare providers. If they see services they did not receive, contact the health insurer or provider immediately. If you believe you are affected or have questions regarding the incident, please call toll-free 1-877-698-3691, Monday through Friday, between 6:00 a.m. and 6:00 p.m., Arizona time.
We deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we are implementing strong access controls and developing new procedures governing the secure disposal of information.
It’s not clear to me how their post-incident steps would have prevented a laptop theft, and I have written to them to seek more clarification. This post will be updated when I get a response.