MyFoxAustin reports:
A computer-like device was stolen from Seton Northwest Hospital. Now two months later, nearly 180 patients possibly affected are just finding out. One of them came to FOX 7 for help.
It was inside a locked storage area at Seton Northwest Hospital where a device was stolen.
We’re told only names, dates of birth, and Seton account numbers were on it.
[…]
It was on February 28 when staff discovered that a Hewlett Packard desktop device had been stolen from the Seton Northwest Sleep Lab. Almost two months later, Falls was notified.
Read more on MyFoxAustin.
Previous incidents involving Seton Healthcare include:
- In 2007, Seton reported that 2,500 young patients at Seton Highland Lakes Hospital had their names, medical information and some social security numbers on two laptops stolen from an employee’s car in the parking lot.
- At around the same time, the healthcare system disclosed that a laptop with 7,800 emergency room patient names, birth dates and Social Security numbers was stolen from the information services department in North Austim.
- In 2012, Seton Healthcare reported that a computer error by their business associate HealthLOGIX resulted in 555 member cards with dates of birth being mailed to the wrong members.
- In October 2013, they reported that a laptop stolen from Seton McCarthy Clinic contained information on patients seen at Seton McCarthy, Seton Topfer and Seton Kozmetsky community health centers and the Seton Total Health Partners program,
Given that 4 of the 5 incidents involved stolen computers or a “computer-like device” and the incidents occurred in 2007, 2013 and 2014, perhaps they should consider encryption of their ePHI. If the “computer-like device” was stolen from a locked storage area, I have to wonder if “enhanced physical security” will be sufficient to make sure another incident does not occur. Encryption has to be less expensive than four breach notifications and a year of credit monitoring for almost 16,000 affected patients. (The article indicated that 5,500 were affected by the October breach.)