KEZI in Oregon reports:
A Reedsport clinic is alerting patients about a recent data breach.
Police are looking for a hard drive containing patient information from Dunes Family Health Care.
The organization that downloads and stores the clinic’s electronic records says it went missing on March 11.
The clinic sent notices to more than 16,000 current and former patients Tuesday about the data breach.
The clinic believes many of the records contain Social Security Numbers, names, addresses, birthdays, and clinical information.
A statement on the facility’s web site, posted today, reads:
On March 11, 2011, the organization maintaining the clinic’s back-up electronic files discovered that the external hard drive on which those files were stored was missing. The hard drive was stored in a locked, fire-protected building with very limited access.
Nonetheless, we believe the hard drive was stolen by a person or persons unknown. The apparent theft was reported to the police and they are still investigating the matter with the help of the Oregon State Crime Lab.
We are committed to safeguarding our patients’ sensitive personal information, and have taken immediate steps to fortify the measures protecting our back up files. Those files are now being stored under increased physical security and are encrypted.
The files that were stolen cover a wide variety of situations and patient encounters. Many of these files contain patients’ Social Security numbers (“SSN”), as well as other personal information. Others did not include SSNs, but may include a name, date of birth, address or clinical information. For that reason, we are providing identity theft safeguards to current and former patients who have been affected by this incident.
[…]
Some additional information is provided in coverage by the Umpqua Post.
Okay, so why weren’t the data on the hard drive encrypted? Why are entities so quick to implement encryption following a breach? If it’s that quick/relatively easy to do, why didn’t they do it before now?
How does something “went missing?” DId it grow feet? Yes, I’m feeling snarky today. You’d think that after 10 years of monitoring breaches, someone would understand to protect your information and take responsibility for doing so.
thay keep stating that no one has had any problems due to the ‘missing hardrive’ i just got my letter and i had my whole bank account wiped out starting a week after the theft little things at 1st and unfortunatly I ended in the hospital for just over a month in time to find out both of my disability checks were taken. i went thru my bank to get my money back becuase I did not know about the breach I wonder why it took so long to send out the letters? Really makes one wonder why? The info sure would helped out with the some of the problems I had to deal with for some of the charges who sent the bank that I had provided my debit card number and my mothers maiden name and my social security card number. All the things on file there. I will be calling all the places that stated no victimes sorry they are wrong!
There may be no way to determine if the fraud you experienced was due to this breach or some other breach, but have you contacted the clinic’s patient hotline to ask them to provide you with credit restoration services at their expense?