DataBreaches.Net

DaVita notifies dialysis patients of breach

Posted on November 7, 2013 by Dissent

Adam Greenberg reports that DaVita is notifying approximately 11,500 dialysis patients of a breach that occurred when a laptop with unencrypted PHI was stolen from an employee’s car.

The notice on DaVita’s site, dated Nov. 5 and linked from its home page, reads:

DaVita®, a division of DaVita HealthCare Partners Inc., reported today that on Sept. 6, 2013, a laptop was stolen from a teammate’s vehicle. Although DaVita maintains a company-wide program and policy requiring encryption of laptop computers, DaVita discovered that the encryption technology on this particular device had been unintentionally deactivated.

DaVita has determined that personal information belonging to approximately 11,500 patients was on the laptop at the time of the theft. In most cases, this information included details such as name, clinical diagnoses (e.g., end stage renal disease), insurance carrier name, claims payment data and dialysis treatment information. For approximately 375 patients, the information stored on the laptop included Social Security numbers. Personally identifiable information for a very small number of DaVita teammates was also stored on the laptop. All affected individuals will receive letters with additional information.

DaVita takes its responsibility to protect its patients’ information very seriously and maintains extensive security and privacy programs. The laptop in question was password-protected and the theft was reported to law enforcement. DaVita has no evidence that the data on the laptop has been accessed or used. Nonetheless, out of an abundance of caution and to ensure that patients are protected, DaVita is offering affected patients one year of credit-protection services, including credit monitoring, identity recovery assistance and identity theft insurance through idexperts® at no charge.

“We sincerely apologize for any inconvenience or concern this incident may cause our patients,” said DaVita spokesperson Skip Thurman. “DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures.”

Patients with questions or concerns regarding this incident or those seeking assistance with establishing their credit monitoring services can call 1-866-797-3792 toll free Monday through Friday, 9:00 a.m. to 9:00 p.m. EST.

DaVita and DaVita HealthCare Partners are trademarks or registered trademarks of DaVita HealthCare Partners Inc.

If DaVita’s name rings a bell, it may be because I reported three other breaches they experienced in 2008 and 2009:

  • In March 2008, they reported that a laptop stolen from an employee’s car contained unencrypted patient information that included insurance filings for dialysis services for current and former patients, including name, social security number, medical insurance coverage information, and/or other personal and health related information.
  • In December 2008, DVA Renal Healthcare reported that unencrypted patient information was involved in a burglary at a Florida facility and that the “documents may have contained your name, social security number, medical insurance coverage information, and/or other personal and health-related information.”
  • In August 2009, they reported that Renal Treatment Centers Southeast – LP, an affiliate of DaVita, suffered a data loss when a DaVita facility in Dallas was burglarized and multiple desktop computers were stolen. The stolen hard drives contained dialysis insurance documents which contained patients’ names, addresses, SSN, insurance numbers, treatment records, progress notes, and other personal or medical information.

Four incidents of theft involving unencrypted patient information? Given that we don’t find out about most breaches, this may not be an unusual rate for a 5-year period, and if they went four years without a reportable breach, then that may reflect progress. It’s also commendable that this time, unlike past breaches, they offered affected patients free credit-monitoring services. But four breaches that all could have been avoided if encryption had been properly deployed and verified on a regular basis? How… frustrating.

Category: Health Data
