WSBTV reports:
The United States Secret Service said it is investigating how the personal information of patients at the DeKalb Medical’s Hillandale facility was stolen.
The data involves patients seen at the hospital between July and October 2010.
The secret service said the case was similar to others in Georgia and Alabama.
They said the information may have been used to file fraudulent tax returns with the Internal Revenue Service for individuals between the ages of 17 and 20.
Read more on WSBTV.
A notice on DeKalb’s web site dated July 15 says:
DeKalb Medical was recently informed by the United States Secret Service that personal information belonging to a limited number of patients treated at its Hillandale facility was stolen. The data involves patients seen at the hospital between July and October, 2010.
DeKalb Medical is cooperating with the United States Secret Service in its criminal investigation into the matter. The Secret Service has advised DeKalb Medical that the information theft appears to be connected to similar crimes in Georgia and Alabama in which the stolen information may have been used to file fraudulent tax returns with the Internal Revenue Service for individuals between the ages of 17 and 20. DeKalb Medical is not a target of the investigation and will continue to cooperate with law enforcement. In addition, DeKalb Medical is conducting its own internal investigation and is implementing an action plan designed to reinforce hospital security safeguards and procedures.
DeKalb Medical sent letters to the approximately 7,500 patients who may have been affected by the theft and has offered these patients credit monitoring and identity theft counseling and restoration services free of charge. The letters also provide specific steps affected patients can take to protect themselves. The hospital also set up a toll free number to answer questions.
“DeKalb Medical is deeply committed not only to the care of our patients, but to the protection of all information entrusted to us. We sincerely regret that this personal information was compromised and are notifying and offering services to all individuals whose data could have possibly been included in this theft. We take this matter very seriously and are taking steps designed to minimize the possibility of such an event occurring in the future,” said Eric Norwood, FACHE, President and CEO, DeKalb Medical.
Any individual who has questions regarding whether he or she may have been impacted by the theft should call: 855-294-2545 toll free. Information is also available on the DeKalb Medical website at: www.dekalbmedical.org. Affected patients may also contact the IRS toll free at (800) 908-4490 and contact the Federal Trade Commission toll free at (877) 438-4338 or online at www.consumer.gov/idtheft to invoke other protections that may be available.
Media Contact:
Tori Vogt, MBA, Media Relations
404.501.2885
[email protected]
So… were these paper records that were stolen or electronic data? Does this appear to be the work of an employee or an outside job? And when exactly did DeKalb find out?
Update of September 8, 2011: The breach has now shown up on HHS’s breach tool, where the entry reads:
“DeKalb Medical Center, Inc. d/b/a DeKalb Medical Hillandale”,GA,,”7,500″,7/11/2010,Theft,Paper,,
So it looks like it was paper records.