Molly Smith reports:
Patients at the Boston Baskin Cancer Foundation learned some of their personal information was stolen, and tell WREG one year of identity protection doesn’t seem like enough.
[…]
Patients got a letter in the mail, saying a robber broke into a clinic employee’s home back in December and stole a hard drive with patient information on it. The hard drive had things like Social Security numbers, names, addresses, and birth dates.
Read more on WREG.
Boston Baskin Cancer Foundation, which is part of Baptist Memorial Medical Group, posted the following notice about the incident on their web site:
Notice: Boston Baskin Cancer Foundation had a privacy incident on December 2, 2014 when the home of an employee was burglarized and an external hard-drive containing patient and employee data was stolen, in addition to many of the employee’s own personal electronics. The employee was properly authorized to work on the data at home as part of his job. However, the hard-drive was not encrypted. The affected individuals are patients who were seen at each of Boston Baskin’s office locations between 2008 and July 2014. All affected individuals are being notified by mail. The external hard-drive contained patient demographic information, dates of birth, Social Security numbers, phone numbers, and first and last dates of clinic visits. Employee data included titles, office location, Social Security numbers, dates of birth, pay rates, hire dates, and termination dates (if applicable). Patients and employees may wish to place a fraud alert on their credit reports. Questions may be directed to a toll-free helpline, 1-888-593-6181.
BitLocker secure AES 128-bit is available as a $99 dollar upgrade (through upgrading to Windows Professional) on any PC since Windows Vista. And STILL people have portable disks, USB drives and laptops with no encryption…
Seriously, this should be mandatory by law with huge fines for the company. This is just plain gross neglect by not caring about the data of your customers.