Henry Rosoff reports:
Franciscan Health Systems is still trying to figure out how a former IT contractor kept his active security pass for months after he was done working for the company.
Justin Pace is now charged with stealing $100,000 in computers, scanners and other equipment from three Franciscan facilities, including St. Joseph’s Hospital.
[…]
Thompson said no patient information was compromised despite the theft of 35 computers and 34 scanners.
Read more on KIRO-TV.
Although FHS says no patient information was comprised, let’s hope that the devices stolen were properly wiped so that data really was not recoverable. And that any login credentials had been properly revoked. They seem to be talking about on-premises theft of physical devices. Have they ruled out any access to ePHI? Hopefully they have.
Assuming they’re right that no patient information was compromised, this is a “what might have been” situation worthy of note.