There’s an important update in the Dynacare breach that affected City of Milwaukee employees.
Fox6 reports that a 17-year-old male has been arrested for his role in the theft of the thumb drive, laptop, and computer bag that were stolen from the employee’s car on October 22. According to Fox6 and other media reports, the police had not been made aware of the thumb drive being stolen until 24 days after the theft. The vehicle and laptop were subsequently recovered, but the thumb drive with PHI and computer bag remained missing.
Both the thumb drive and the computer bag have now been recovered. They were found during a search of a home on January 6 during a separate crime investigation. Fox6 and WUWM report that from the forensic examination conducted so far, it does not appear that the data on the thumb drive were accessed.
The recovery of the thumb drive will likely have only little impact on the investigation by HHS/OCR, who will be more focused on what policies and security safeguards Dynacare had in place and whether they were followed. HHS/OCR should also look at Froedtert to see if they failed to monitor their vendor’s compliance with any contractual obligations for data security.