Albany, NY-based St. Peter's Health Partners is notifying more than 5,000 patients at St. Peter's Medical Associates P.C., one of the system's physician groups, that a manager's cell phone – which contained their personal information – was stolen.
How many victims? 5,117.
What type of personal information? Names, dates of birth, and days, times and locations of medical appointments, as well as general descriptions of the reasons for the appointments. Addresses and phone numbers were included for two patients.
What happened? A manager's cell phone – which had access to corporate email systems and, thus, patient information – was stolen.
What was the response? Law enforcement was notified. Data was remotely wiped from the device, and it was disconnected from the corporate email system. Encryption controls on corporate-issued mobile devices are being reviewed. All impacted individuals have been notified.
Details: Officials learned of the breach on Nov. 24. The incident primarily involved data from August 2014 to November 2014. The cell phone was password protected, but not encrypted in accordance with St. Peter's Health Partners customary security procedures. So far there have been no reports that patient information was improperly used.
Quote: “While at this time we believe the risk is low that the data on these individuals was accessed, we are committed to doing all we can to protect each and every one of them,” Donald Martin, CEO of St. Peter's Health Partners, was quoted as saying.
Source: bizjournals.com, Albany Business Review, “St. Peter's Health Partners reports potential data breach after cellphone theft,” Jan. 23, 2015.