DISC InfoSec blog

InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!

Apr 07 2010

NorCal’s John Muir hospital warns of breach

Category: hipaa,Security Breach — DISC @ 12:35 am

: Image by Sparticus via Flickr

The Associated Press
Posted: 04/06/2010 08:31:15 AM PDT

WALNUT CREEK, Calif.—More than 5,000 patients in the John Muir hospital system have been warned of a potential security breach after two laptop computers that contained personal and health information were stolen.

The laptops were stolen from a perinatal office in Walnut Creek in February. The 5,450 potentially affected patients were sent letters Monday. Hospital officials say there have been no reports that patient information has been accessed.

John Muir Health vice president and privacy officer, Hala Helm, says the laptops were password-protected and contained data in a format that would not be readily accessible.

Officials have arranged free identity theft protection for a year and recommend people place a fraud alert on their credit files.

———

Information from: Contra Costa Times

Full Disk Encryption Software Not Used In Breached John Muir Health Laptops (alertboot.com)

Tags: Contra Costa Times, Identity Theft, john Muir Hospital, laptop stolen, Patient files stolen, Walnut Creek

Comments (0)

Feb 03 2010

UCSF laptop containing patient files stolen

Category: hipaa,Security Breach — DISC @ 3:46 pm

: Image via Wikipedia

The Associated Press

SAN FRANCISCO—The medical records of more than 4,000 patients at the University of California, San Francisco may have been compromised after a laptop they were on was stolen.
Officials with the university said Wednesday the laptop was recovered earlier this month after it was taken from a medical school employee during a flight in November. It does not appear that anyone gained access to the computer or the confidential patient information, but officials say the records still could have been exposed.

The files contained patients’ names, medical record numbers, ages and clinical information, but no Social Security numbers or financial data.

School officials say they are notifying the 4,400 patients whose records were on the computer. They were all treated in 2008 and 2009.
———
Information from: San Francisco Chronicle, http://www.sfgate.com/chronicle

Here we have another unnecessary major security breach in a large healthcare organization which resulted in a loss of patient data demonstrating poor baseline security. They clearly are not ready for the new HIPAA provision ARRA and HITECH. Evaluate your current business and system risks to make sure this does not happen to you.
Contact DISC for any question if you think, this may apply to you.

The Practical Guide to HIPAA Privacy and Security Compliance