What they won't tell us, they have to tell HHS: the SRHS breach
It was only a matter of time until we found out how many people Spartanburg Regional Healthcare System had to notify about the laptop stolen from an employee’s car in March.
The incident has now been posted on HHS’s breach tool and it appears they reported that 400,000 patients were affected.
The employee was authorized to have the laptop, but why did 400,000 patients have data on it? Was it really necessary that so much data be on a laptop that was permitted to be removed from the premises?
And with so much sensitive data on the laptop – Social Security numbers, names, addresses, dates of birth and medical billing codes – why weren’t the data encrypted?
And why was the laptop left in a car where it was stolen at night?
What were Spartanburg’s security protocols?
Hopefully, HHS will not only obtain answers but take forceful steps to ensure that this doesn’t happen again.