Share this article on:
Centers Plan for Healthy Living, a Staten Island NY-based managed care organization, has announced that a laptop computer containing the protected health information of Medicare/Medicaid recipients has been stolen from its corporate offices. The laptop theft was discovered on January 4, 2016., with the device believed to have been taken on or around January 1.
Following the discovery of the theft, Centers Plan conducted an investigation and determined that the laptop may have contained a file containing data relating to 6,893 Medicare and Medicaid recipients. No Social Security numbers, financial information, credit card numbers, health data, or other highly sensitive information were contained in the file, although some individuals have had their Medicare and/or Medicaid numbers exposed. Other data believed to have been contained in the file include full names, dates of birth, and home addresses.
The theft was immediately reported to law enforcement although the laptop computer has not been recovered. Centers Plan does not believe the laptop was stolen for the data stored on the device, but for the value of the device itself.
All affected individuals have been notified of the potential privacy breach in accordance with HIPAA regulations and a substitute breach notice was posted on Centers Plan’s website. Credit monitoring services are being offered to all individuals who had their Medicare or Medicaid number exposed.
In the two months since the laptop was stolen, no reports of improper use of data have been reported, although Centers Plan has advised those affected by the breach to exercise caution and to keep a close eye on their credit reports and financial accounts. In response to the incident Centers Plan will be taking steps to secure all data stored on internal computer equipment.
In the past six months, there have been 25 reports of stolen portable electronic devices submitted to the Office for Civil Rights. Those incidents resulted in the exposure of 194,101 patient records. All of those data breaches could have been prevented had data encryption been employed.