South Carolina-based Self Regional Healthcare (SRH) is notifying at least 500 patients that their personal information – including Social Security numbers and financial data – was on a laptop stolen from an SRH facility.
How many victims? At least 500.
What type of personal information? Names, Social Security numbers, driver's license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information and possibly addresses.
What happened? An SRH facility was broken into and a laptop containing the information was stolen.
What was the response? All impacted patients are being notified and offered a free year of identity theft protection services.
Details: The laptop – which was password protected, but not encrypted – was stolen on May 25 and SRH learned of the theft on May 27. Two intruders were arrested for breaking into the SRH facility. The individual who stole the laptop confessed to the crime and claimed he destroyed it and disposed of it in a lake. Police divers were unable to recover the laptop.
Quote: “We retained third-party computer forensic experts to assist with the investigation of this incident, even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop,” Jim Pfeiffer, president and CEO of SRH, said in a notification posted to the website.
Source: selfregional.org, “Self Regional acts to reduce unauthorized patient information use associated with computer theft,” July, 2014; indexjournal.com, Index-Journal, “Self Regional announced security breach of patient info,” July 24, 2014.