On March 3, dialysis services providers DVA Renal Healthcare, Inc. notified [pdf] the NH DOJ that a laptop stolen from an employee’s vehicle contained unencrypted personal information on current or former patients. Ann DesRuisseaux, DaVita’s Assistant General Counsel, did not indicate the date of the theft itself, saying only that the company “recently” discovered the loss and that “on or about” Feb. 4th, it had confirmed that the stolen laptop contained personal information. DesRuisseaux reported that 9 NH residents were affected, but no total numbers for the incident were provided.
In DaVita’s February 21st letter notifying those affected, the company indicated that Information on the laptop included insurance filings for dialysis services for current and former patients, including name, social security number, medical insurance coverage information, and/or other personal and health related information.
Those affected were not told in the letter when the theft occurred or that the laptop was stolen from an employee’s car. Nor were they offered any free credit protection monitoring.
According to their web site, DaVita [NYSE: DVA] has over 1,300 outpatient dialysis facilities and acute units in over 800 hospitals. They are located in 42 states and the District of Columbia, serving approximately 103,000 patients.