From the ah-so-that-explains-it dept.:
I had emailed Seim Johnson yesterday to inquire about a breach they reported to HHS that affected 30,972 patients. According to HHS’s breach tool, the incident, reported on February 8, involved the theft of a laptop.
I haven’t received a response from Seim Johnson yet, but Community Hospital patients in McCook, Nebraska appear to be among those affected. The McCook Gazette reports:
A laptop belonging to a Seim Johnson employee was stolen in Nashville, Tennessee in December. Seim Johnson’s standard procedure to secure data on its laptop computers includes installing a password and encryption software. After the theft was reported, Seim Johnson’s investigation revealed that it was likely that the encryption software on the stolen laptop computer was not functioning.
[…]
Berry said that most of the information listed in the auditing company’s software included a personal identifier such as a patient account number, medical record number or visit number. Patient names may also have been listed. No credit card information was on the laptop computer. For a few individuals, social security numbers were included. If that is the case, the patient would have been specifically informed in the letter they received from Seim Johnson.
According to the paper, nearly 4,200 Community Hospital patients received letters.
So what other covered entities are impacted to account for the other approximately 26,000 patients reported to HHS?
This post will be updated as more information becomes available.