Dedicated to providing the latest
HIPAA compliance news

Double Burglary Sees Connecticut Patients’ PHI Exposed

Share this article on:

SouthWest Community Health Center, a Bridgeport, CT network of health centers, has alerted patients that some of their protected health information has been exposed after burglars targeted two of its facilities.

Several computers were stolen in a double burglary at its 1046 Fairfield Avenue and 10 Clinton Avenue sites. Thieves first broke into the Fairfield Avenue facility on Saturday 8, April and stole four desktop computers and a laptop. The following weekend, the Clinton Avenue health center was broken into and two laptop computers were stolen.

Both facilities had security alarms which were triggered when the offices were entered. Law enforcement responded immediately in both cases, but the perpetrators had fled the scene.

The burglaries were not believed to have been conducted in order to gain access to patients’ protected health information, only for the value of the computer hardware that was stolen. However, it is possible that the thieves or other unauthorized individuals were able to view the information stored on the devices. The data stored locally on the devices were not encrypted.

SouthWest Community Health Center reconstructed the data stored on the computers to determine which patients’ protected health information had been exposed. The investigation revealed patients’ names, dates of birth, bank account numbers, Social Security numbers, insurance information and medical information, including diagnoses, treatment and admission information had been saved on the hard drives.

Due to the sensitive nature of exposed information, all affected patients have been offered identity theft monitoring and restoration services without charge for a period of 12 months. SouthWest Community Health Center is also reviewing security at its health centers to prevent future burglaries and is working closely with law enforcement and other third parties in this regard.

The incident has been reported to the Department of Health and Human Services’ Office for Civil Rights, although since the incident has yet to appear on the OCR breach portal it is unclear exactly how many patients have been impacted.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On