When a Creditek, LLC employee went on vacation to the Bahamas, he took his work laptop with him. The laptop, which contained personal and medical information on 68,857 patients of orthopedic products supplier DJO, LLC, was stolen from the home in which the employee was staying.
According to a notification sent to New Hampshire’s Attorney General on December 12th, Creditek is a Pennsylvania firm that provides billing services for DJO. The laptop, which was stolen on November 14th:
… contained numerous files including some of our billing data regarding certain DJO patients such as: names, addresses, social security numbers, dates of birth, gender, dates of services rendered by DJO, diagnostic codes (and, in some cases, a brief description of the diagnosis), summary charges (reflecting the total retail value of services rendered), patient balances, insurance ID numbers, current payors, and, if the payor was an insurance company, the insurance plan identification numbers.
There was no mention in the notification as to whether there was any security on the laptop, and no copy of any notification letter to individuals was enclosed with the report. Affected patients are from across the U.S. and Puerto Rico.