DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Alere Home Monitoring notifies 100,000 patients after laptop stolen from employee's car

Posted on November 10, 2012 by Dissent

More than 100,000 patients who take drugs to prevent blood clots are at risk of identity theft. An employee of Alere Home Monitoring, Inc. had the patient data on a laptop that was stolen. The computer file contained the names, Social Security numbers, addresses and diagnoses of patients who take anticoagulant drugs such as warfarin or Coumadin.

The company became aware of the data breach around Oct. 1, said Doug Guarino, director of corporate relations for Alere, Inc.

Read more on news-press.com.

So far, I haven’t found any statement on Alere’s web site nor any substitute notice in the media. With my usual “let’s keep digging” attitude, though, I did find where someone posted the contents of the notification they had received. I do not know if this is the complete letter, but here’s what I found:

Dear “Shezagirlie”,
We are writing to inform you of an incident that may have involved your personal information that occurred on September 23, 2012. A car belonging to an Alere Home Monitoring employee was burglarized. One of the items stolen from the car was the employee’s laptop. While the laptop was password protected, it did contain a file with your personal health information. Some of the information included in this file was your name, address, date of birth, Social Security number, and diagnosis. A police report was filed, but so far the laptop has not been recovered.

Please note that we have no evidence that any of your information has been disclosed or misused as a result of this incident.

To help safeguard you from misuse of your personal information, we have arranged for you to receive identity protection from Experian Security Assistance at no cost to you. The Experian Security Assistance service will be valid for one (1) year from the date you register.

You must register with Experian Security Assistance to receive this complimentary identity protection service.
*Activate ProtectMyID Now in Three Easy Steps.
1. ENSURE: That you enroll by January 31, 2013.
2. VISIT the ProtectMyID Web Site: www.protectmyid.com/redeem or call 1-866-578-5412 to enroll.
3. PROVIDE Your Activation Code: E****TC**. (my deletion of code)

Once your ProtectMyID membership is activated, your credit report will be monitored daily for 50 leading indicators of identity theft. You’ll receive timely Credit Alerts from ProtectMyId on any key changes in your credit report which could include new inquiries, new credit accounts, medical collections and changes to public records.

We sincerely regret that this occurred and want to assure you that we have implemented steps to prevent it from happening again. If you have further questions or concerns about this incident, you can contact us at 1-866-578-5412

Sincerely,
Sallie Kennedy
HIPAA Privacy Officer, Alere Home Monitoring

The recipient’s comment was spot on:

Yes, I definitely will be calling them tomorrow since I canceled my Alere INR Medicare scheme this past June. What was my information doing in a laptop. Why wasn’t it purged? Why was the employee carrying around a laptop with all that information on it? Geez…

To her questions, I would add:

1. Why weren’t the data encrypted?
2. Why was a laptop left in an unattended vehicle?
3. Was there a substitute media notice? If so, where was it published?
4. Why is there no prominently displayed notice on Alere’s home page?
5. Will HHS actually fine entities for leaving unencrypted data in cars?

Other people who received the letter were confused because they had never done business with Alere.  A forum member responded:

This is how Alere got hold of the records. Anyone who dealt with QAS, Inverness Medical or Hemosense, your records are with Alere.

I cannot confirm the accuracy of that explanation, but Alere certainly should address it. We’ve seen this kind of problem before. All too often, people don’t know why or how an entity obtained their data. Entities would be well advised to include some statement in their notification letter if they had bought out another firm or entity, etc. If they don’t, people may suspect the letter is just a ruse to get their personal information and may ignore the advice to protect themselves.

I’ve sent an email inquiry to Alere’s corporate relations asking for a statement and some answers. I’ll update this entry when I get a response.

Category: Health Data

Post navigation

← Maryland man sentenced for credit card fraud scheme
How many breaches did GoTickets.com have? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.