Hankyu Chung, M.D., an internist in San Jose, California, reports that on June 16, there was a burglary at his offices. The burglar was able to gain access to the offices by entering the building complex through an unlocked door and using the crawl space above the office to gain access to it. The burglary was discovered on June 17 and reported to the police.
Among the items stolen by the burglars were two laptops, one of which contained password-protected, but unencrypted patient information.
In a letter to those affected, Dr. Chung writes that the laptop contained names, dates of birth, telephone numbers, and significant medical records including visit dates, complaints, physical examinations, diagnoses, testing and medication information. Social Security numbers, addresses and drivers license numbers were not stored on the laptop.
The July 17 letter, a copy of which was submitted to the California Attorney General’s site, does not offer those affected any free services, and although it suggests that patients review their credit information, it does not tell them how or where to do that. The letter is equally vague about what will be done to prevent future recurrences:
The circumstances that resulted in this breach are being corrected through increase security and implementation of procedures to minimize the possibility of future breaches.
Does that mean they will deploy encryption? If so, why not say so, and if not, why not?
Patients are advised that if they have any questions, they should “not hesitate to contact our attorneys at Schuering Zimmerman & Doyle. Their toll free telephone number is (888) 233-2305.”
The letter does not indicate how many patients had information on the stolen laptop, and there is no record of this breach (yet) on HHS’s breach tool.