Peggy O’Hare reports:
A nonprofit advocacy group for children with developmental disabilities is notifying 2,934 families of a potential data breach that occurred when someone stole computers from the group’s Austin office.
EveryChild, Inc. said the computers, which were discovered missing Feb. 2, contained clients’ birthdates, Social Security numbers, Medicaid numbers, photos and health information.
Read more on MySA.
A statement on EveryChild’s website, posted yesterday, says:
EveryChild, Inc. takes privacy very seriously. We want to let the public know about a recent incident that put private information at risk of exposure. EveryChild, Inc. is a non-profit with a contract with the Texas Health and Human Services Commission (HHSC) to help adults under age 22 and children with disabilities get services in a family setting rather than an institution. On February 02, 2014, computers were discovered stolen from our Austin office. The stolen computers held some information about 2,934 children and young adults with disabilities and Medicaid coverage, including their name and one or more of the following: address, date of birth, Social Security number, Medicaid number, photo, or health information.
At this time, there is no indication that any of the information has been misused as a result of the theft. However, we will be providing free credit protection to those affected to help ensure that information is not misused.
Upon discovery of the theft, we immediately notified law enforcement and the Texas Health and Human Services Commission. We are cooperating with investigations and attempts to recover the computers. We are also improving the security of confidential information through security alarms, enhanced technology, and policy and procedure changes.
If you were personally affected by this theft and we have your current address, you will be receiving a letter informing you about the credit monitoring protection. If you believe you may have been affected and do not receive a letter, you may contact our toll free number at 1-877-742-8844.
We take the protection of private information seriously and sincerely regret that this crime put information at risk. We will continue work to put stronger controls in place to better protect private information in the future.
I hope “enhanced technology” and “policy and procedure changes” include ePHI encryption. Theft of computers from medical offices seems to be rising so encryption of all computers, not just mobile devices, should be seriously considered by all medical practices. I look forward to the day that reports like this are a surprise rather than the norm.