25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Valley Hope Association Notifies Patients of Unencrypted Laptop Theft

Posted By on Feb 27, 2016

Valley Hope Association, a Kansas-based provider of drug and alcohol treatment services, has started notifying patients about the theft of an unencrypted laptop computer which resulted in the exposure of patients’ protected health information. The laptop computer was stolen from an employee’s vehicle on December 30, 2015.

The highly sensitive data stored on the laptop include full names of patients along with some of the following data elements: Home addresses, phone numbers, Social Security numbers, driver’s license numbers, health insurance information, financial information, state identification numbers, medical record numbers, patient record numbers, disability codes, details of medication, clinical data, medical diagnoses, treatment location, types of treatment received, referring physician names, and usernames and passwords.

The device was being used to store the protected health information of patients, but those data were not encrypted. The laptop was protected with a password, so there is a possibility that the data have not been viewed.

However, since passwords can be cracked there is a chance that patient data has been accessed. Due to the sensitive nature of data stored on the device, Valley Hope Association has offered all affected patients complimentary credit monitoring and restoration services for a period of one year without charge.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Following the discovery of the theft Valley Hope Association initiated an investigation to determine the exact nature of data stored on the device. A third party computer forensics firm was hired to assist with the task. Login details were changed to prevent the laptop computer from being used to connect to the Valley Hope Association systems, although the data stored on the device could not be deleted remotely.

The theft was reported to law enforcement on the same day and investigations are continuing, although no suspects have been apprehended and the laptop computer has not been recovered. The incident was reported to Office for Civil Rights on February 26, 2016. The breach report indicates that 52,076 patients were affected by the data breach, making this one of the largest healthcare data breaches reported so far in 2016.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist