On July 9, SunBridge Healthcare Corporation of New Mexico issued the following press release:
A password-protected laptop computer, containing resident information from 10 states was stolen in May 2010. The states involved are Arizona, California, Colorado, Idaho, Montana, New Mexico, Oklahoma, Utah, Washington and Wyoming.
The theft was immediately reported to local law enforcement and the company’s privacy officer. After thorough investigations by our compliance and information technology departments, working with outside experts, we concluded that the information on the stolen laptop included names, medical record numbers, dates of service, and clinical data, as well as social security and health insurance numbers. No credit card data or other financial information was stored on the stolen laptop.
Although there has been no indication that the information on the computer has been improperly accessed or misused. The company engaged Kroll Inc., to operate a toll-free call center to address any questions, address identity theft concerns, and provide comprehensive identity theft safeguards to individuals affected by this incident. Kroll’s Fraud Solutions team has more experience than any other organization when it comes to helping people who have encountered the unintentional exposure of confidential data.
In addition, the company has taken a number of steps to prevent further breaches in the future, including reinforcing with its staff the proper protocols required to maintain the security of personal information. Also, the company’s internal encryption practices have been strengthened to ensure that no laptop computers are issued to employees without encryption software installed.
The centers involved are in the process of notifying each of the patients, residents or their guardians, as well as the U.S. Department of Health and Human Services. These notifications are being made pursuant to the Health Information Technology for Economic and Clinical Health Act approved in 2009. Individuals who would like more information may call 1-877-309-0173, toll-free, between 6 a.m. and 3 p.m. (Pacific Time), Monday through Friday.
According to the corporation’s report to the U.S. Department of Health & Human Services, 3,830 residents had data on the stolen laptop.
Cross-posted from PHIprivacy.net