Akanksha Jayanthi reports that Oneida Health Center in Wisconsin has reported a data breach after a flash drive containing details of patients’ dental information was stolen.
The health center, which serves a federally recognized tribe of Onedia people in the Oneida Nation, reported the theft to law enforcement Feb. 17, the same day the flash drive was stolen. The flash drive has not been recovered.
This incident was reported to HHS on April 15th as “Oneida Tribe of Indians of Wisconsin.” A notice in the official newspaper for the tribe reads:
The Oneida Nation is providing this public notification in compliance with federal law. On February 17, 2016 a flash drive containing the limited details of dental patient information was internally stolen from our dental offices at the Oneida Health Center located at 525 Airport Drive, on the Oneida Reservation.
The theft was discovered the same day and law enforcement was immediately notified. Since that time, the police and internal investigation have been ongoing. Although law enforcement investigated the situation, the flash drive has not been recovered.
It has been determined that the flash drive contained the following limited dental information for 2700 patients seen between 02/07/15 through 02/17/16:
Dental patient identification number
Date(s) of visited (between the above dates)
Dental insurance identification number, if applicable.
Although the dental information taken was extremely limited and there is no information to suggest it was used or disclosed for inappropriate purposes, there are various steps affected individuals (and the public, generally) are able to take to protect themselves from medical identity theft, or identify theft:
Various warning signs of identity theft and steps to take if information is lost/ stolen is located at: https://www.identitytheft.gov/;
The warning signs for medical identity theft are also located at: https://www.consumer.ftc.gov/articles/0171-medical-identity-theft.
We recommend affected individuals notify their dental insurance company, if applicable, of this incident because the dental insurance identification number was involved. Dental Insurers may be able to place the identification number on a list of compromised numbers, etc.
If affected individuals have broader concerns regarding their information, they may also contact one of the three major credit bureaus (below) to place a fraud alert on their credit report. Once one credit bureau confirms the fraud alert, the other two credit bureaus will automatically be notified to place alerts. All three reports will be sent free of charge:
Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA, 30374-0241
Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013
TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Affected individuals and the general public are reminded of the importance of safeguarding personal information in all forms of media and to use diligence if receiving inquiries requesting personal information.
To prevent a reoccurrence of this type of isolated internal incident, we are implementing the following measures: Reviewing and implementing administrative procedures regarding the use of flash drives and implementing appropriate technological safeguards concerning their security and storage.
Notification in accordance with federal law has been provided to affected individuals. Throughout the entire investigation, there has been no information developed to suggest that our patient dental information was used or disclosed for inappropriate purposes.
Please note- this isolated incident did not involve any other personal identifying data, financial information, social security information, claims information, or any other diagnosis/ treatment information. The information taken was limited to very specific dental information and did not involve information from any other departments within the Oneida Health Center. If you feel you may have been affected by this incident and have questions or concerns, please contact Dave Larson, Director of Ancillary Services, at (920)869-2711 or email [email protected] at your earliest convenience.