DataBreaches.Net

Heyman HospiceCare notifies patients after laptop stolen from employee's car

Posted on February 17, 2013 by Dissent

The Rome News-Tribune in Georgia reports:

Heyman HospiceCare is offering patients who may have had their personal information on a stolen and still-missing laptop a free one-year membership to a credit monitoring service, according to a news release from Floyd Medical Center.

According to the news release:

A password-protected laptop was stolen Jan. 4 from an employee’s car. The laptop may have contained clinical and demographic information about patients, including names, addresses, phone numbers, birth dates, Social Security numbers, insurance policy numbers.

Read more on the Rome News-Tribune.

A notice is linked from the medical center’s home page.

Privacy Notice for Heyman HospiceCare at Floyd Patients

Heyman HospiceCare at Floyd (“Heyman HospiceCare”) is committed to protecting the personal information it maintains on behalf of its patients. Regrettably, this notice is regarding an incident involving some of that information.

On January 4, 2013, Heyman HospiceCare became aware that a password-protected laptop went missing from an employee’s car earlier that same day. The incident was reported to the police, and Heyman HospiceCare immediately began a thorough investigation to identify the information that was contained on the laptop. To date, the laptop has not been located. Although information on the laptop was not encrypted, it was protected by additional security software that would make it difficult for the average person to access any information.

Heyman HospiceCare’s investigation concluded that the laptop may have contained clinical and demographic information about patients, including names, addresses, phone numbers, dates of birth, and Social Security numbers, as well as insurance policy numbers, diagnoses, visit notes, physician names, caregiver names, and advance directives. Patient financial information was not on the laptop, and medical information has not been lost. The incident affected only certain patients treated between July 1, 2006, and January 3, 2013.

Heyman HospiceCare has no reason to believe that the laptop was taken for the information it contained, or that the information has been accessed or used improperly. In an abundance of caution, Heyman HospiceCare began mailing letters to affected individuals on February 15, 2013. Heyman HospiceCare is also providing a dedicated call center to answer questions for affected patients. Heyman HospiceCare is also offering eligible individuals a free one-year membership in three-bureau credit monitoring service provided by TransUnion, one of the three major nationwide credit reporting companies. If you believe you are affected but do not receive a letter by February 28, 2013, please call toll free 1-866-264-1049, Monday through Friday between 9 a.m. and 7 p.m. Eastern time.

Heyman HospiceCare deeply regrets any inconvenience or concern this may cause patients. Heyman HospiceCare is committed to safeguarding patients’ personal information. To help prevent something like this from happening in the future, Heyman HospiceCare is implementing a more disciplined approach to its encryption for all laptop computers and re-educating staff on policies and procedures for securing such mobile devices.

Hospice is usually relatively short-term care, available for patients not expected to live more than 6 months. So why were data for patients from 2006 on the laptop? What was this employee’s job and why did so much data need to leave the office?

Earlier this year, Hospice of North Idaho was fined $50,000 by HHS after a laptop with PHI was stolen from an employee’s car and HHS’s investigation revealed that the hospice had not conducted a risk analysis and had no policies in place to secure mobile devices. Had Heyman HospiceCare conducted a risk analysis? Did they have policies in place? Eventually, we’ll find out, but it is frustrating to learn that so many years after HIPAA went into effect, we are still reading reports like this one.

Category: Health Data
