Double Burglary Sees Connecticut Patients’ PHI Exposed

SouthWest Community Health Center, a Bridgeport, CT network of health centers, has alerted patients that some of their protected health information has been exposed after burglars targeted two of its facilities.

Several computers were stolen in a double burglary at its 1046 Fairfield Avenue and 10 Clinton Avenue sites. Thieves first broke into the Fairfield Avenue facility on Saturday 8, April and stole four desktop computers and a laptop. The following weekend, the Clinton Avenue health center was broken into and two laptop computers were stolen.

Both facilities had security alarms which were triggered when the offices were entered. Law enforcement responded immediately in both cases, but the perpetrators had fled the scene.

The burglaries were not believed to have been conducted in order to gain access to patients’ protected health information, only for the value of the computer hardware that was stolen. However, it is possible that the thieves or other unauthorized individuals were able to view the information stored on the devices. The data stored locally on the devices were not encrypted.

SouthWest Community Health Center reconstructed the data stored on the computers to determine which patients’ protected health information had been exposed. The investigation revealed patients’ names, dates of birth, bank account numbers, Social Security numbers, insurance information and medical information, including diagnoses, treatment and admission information had been saved on the hard drives.

Due to the sensitive nature of exposed information, all affected patients have been offered identity theft monitoring and restoration services without charge for a period of 12 months. SouthWest Community Health Center is also reviewing security at its health centers to prevent future burglaries and is working closely with law enforcement and other third parties in this regard.

The incident has been reported to the Department of Health and Human Services’ Office for Civil Rights, although since the incident has yet to appear on the OCR breach portal it is unclear exactly how many patients have been impacted.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.