It’s not up on HHS’s public breach tool nor on their own web site, but a copy of the following notice from Physicians Skin & Weight Centers was sent to the California Attorney General’s web site:
To past and current patients of Physicians Skin & Weight Centers, Inc:
On November 4, 2014, an employee’s vehicle was broken into in Fresno, California and a password protected laptop and external hard drive were stolen from the vehicle. Fortunately, the theft was discovered within an hour of its occurrence and the Fresno Police Department was immediately notified and a formal police report was filed.
Physicians Skin & Weight Centers has security measures in place and we routinely delete information from electronic devices. However, we believe some patients’ personal information was on a device at the time of the incident. Specifically, the following information belonging to some of our patients was potentially exposed: Images taken during the course of their treatment with their first and/or last name; and some patients’ name on a company invoice. Also, a limited number of patients had banking information including full routing numbers, account numbers, and/or credit card numbers; and/or a copy of our financing application detailing some patients’ social security number, date of birth, mailing address, email address, income, rent payment, and employer’s name potentially exposed.
Though there is no evidence that any patients’ information has been used, we are taking this matter very seriously and are reexamining our practices. To help protect our affected patients, we have arranged to have AllClear ID protect their identity for 12 months at no cost to the patients, starting on the date of this notice. Our affected patients can use the services at any time during the next 12 months.
AllClear SECURE: The team at AllClear ID is ready and standing by if an affected patient needs help protecting their identity. Affected patients are automatically eligible to use this service – there is no action required on their part. If a problem arises, call 1-877-437-3998 and an investigator will verify you were an affected individual, and then do the work to recover financial losses, restore your credit, and make sure your identity is returned to its proper condition. AllClear ID maintains an A+ rating at the Better Business Bureau.
AllClear PRO: This service offers additional protection including credit monitoring and a $1 million identity theft insurance policy. To use the PRO service, an affected patient needs to provide their personal information to AllClear ID. He/she may sign up by calling 1-877-437-3998, varying that they were affected and providing the necessary information.
Additionally, anyone can call the three major credit agencies and place a 90-day fraud alert. These are Equifax (1-888-766-0008; P.O. Box 740241, Atlanta, GA 30374), Experian (1-888- 397-3742; P.O. Box 4500, Allen, TX 75013), and TransUnion (800-680-7289; P.O. Box 2000, Chester, PA 19022-2000). Anyone is also entitled to a free credit report every year from each of these agencies at www.annualcreditreport.com. Lastly, affected patients may also want to contact their bank and credit card company and notify them of the situation.
We sincerely apologize for this inconvenience and any concern it may cause you. We understand how important confidentiality and trust is to our physician-patient relationship. Please feel free to call 1-877-437-3998 or use the above postal address to discuss any concerns or questions you may have.
Now what I was saying recently when I suggested that California crack down on entities leaving laptops with PII/PHI in vehicles?