The offices of Vermont-based physician, Max. M. Bayard, MD PC, have been burglarized and a number of electronic devices have been stolen, resulting in the Protected Health Information (PHI) of approximately 2,000 patients being exposed. According to a breach notice posted on the website of the Vermont Attorney General, the burglary occurred on August 5, 2015.
By today’s standards, the data breach exposed a relatively small number of patient records; however, the breach is particularly serious because patient names, dates of birth, Social Security numbers and Medicare/Medicaid numbers were stored on the computers: the exact information needed by identity thieves to commit fraud. Other data exposed varies from patient to patient and includes health information such as medical diagnoses, treatment information, and treatment dates.
Patients face a high risk of fraud and identity theft. To reduce the risk of harm and loss, all affected patients have been offered a year of free credit monitoring and identity theft repair services. Patients are also covered by a $1 million identity theft insurance policy.
Patients are advised to sign up for the services promptly, as the 12-month period starts from the date the breach notification letters were issued (September 11, 2015), not the date the services are activated.
Additional Protections put in Place to Prevent Future Data Breaches
Breach response procedures were executed immediately after the discovery of the data breach. Law enforcement officers were notified, and changes were made to safeguard patient data. Dr. Bayard arranged for the firewall and email account passwords to be changed, along with login credentials.
Additional security measures are also in the process of being put in place, which include new administrative, technical and physical safeguards. CCTV security cameras are to be installed on the premises, new data security policies will be implemented and the staff is to receive further training on data security. Dr. Bayard is also arranging for all computers to be protected by data encryption software.
Equipment Theft Highlights Importance of Using Data Encryption to Secure Patient PHI
Many healthcare providers choose to encrypt patient healthcare data to reduce the risk of information being accessed by unauthorized parties. High-risk devices such as laptop computers and portable storage drives often have data encrypted, but it is important to consider encrypting all stored electronic healthcare data, regardless of where that information is located. Desktop computers may not be as portable, but this burglary, along with a number of other recent break-ins at physicians’ offices, has highlighted the importance of extending data encryption to all devices used to store ePHI.