Lawyers are supposed to protect clients’ information, but it seems the Legal Aid Society of San Mateo County played with fire until its clients were burnt. During a burglary of their offices on August 12, ten of their laptops with clients’ personal information were stolen.
In a letter to those affected, M. Stacey Hawver, Executive Director, writes:
We believe that your personal information may have been stored on the stolen laptops. The personal information believed to be stored on the stolen laptops includes your name, Social Security number, date of birth, medical and health information.
Although those affected were offered some advice on placing fraud alerts on their credit files and advised to check insurance Explanation of Benefits forms, they were not offered any free services.
Nor, it seems, were they given any explanation as to why all these laptops weren’t encrypted. Hawver writes:
We are sorry that this incident occurred and want to assure you we are carefully reviewing our procedures and practices to minimize the risk of recurrence.
Where was the careful review and security before the incident? And will they now encrypt client files? Don’t legal aid clients have enough problems without their information being put at risk by inadequate security?
A copy of the notification letter with the enclosure can be found on the California Attorney General’s web site.
UPDATE: HealthITSecurity.com obtained additional information on the organization’s HIPAA status. Read their follow-up here.