Share this newsletter on:
West Virginia-based Coplin Health Systems has knowledgeable 43,000 sufferers that their PHI has probably been uncovered in consequence of the robbery of an unencrypted laptop personal computer from the automobile of an worker.
Coplin Health was once alerted to the robbery on November 2, 2017. The robbery was once straight away reported to regulation enforcement and an investigation was once introduced, even if on the time of issuing notifications, the laptop personal computer has no longer been recovered.
While it’s conceivable that safe well being data of sufferers was once saved at the pc, Coplin Health does no longer consider that was once the case, even if the chance of information publicity can’t be dominated out with 100% simple task.
Coplin Health notes that the pc had quite a lot of safety protections in position to make sure the privateness of sufferers within the tournament of the pc being stolen. While the pc may just probably be used to realize get entry to to affected person information, a password would had been required and it’s not suspected that the thief had “the sophisticated knowledge and resources necessary to bypass the laptop’s security mechanisms.”
Further, Coplin Health’s IT division took fast motion to restrict the possibility of hurt. The worker’s login credentials had been modified to forestall the pc from getting used to get entry to Coplin Health’s methods, and no makes an attempt had been made to get entry to its methods the use of the pc because the tool was once stolen.
The probability of affected person information being saved in the neighborhood at the tool is thought to be low, even if if that was once the case, the tool would have contained recordsdata that incorporated affected person names, addresses, Social Security numbers, start dates, monetary data and well being data. Out of an abundance of warning, 43,000 sufferers had been notified of the possible publicity of their PHI.
The incident has brought on Coplin Health to habits a evaluate of its safety protections and movements had been taken to forestall a recurrence. Coplin Health will even building up tracking to ensure insurance policies and procedures are being following by its staff and any long term breach of insurance policies will lead to disciplinary motion being taken in opposition to the workers involved.
The Health Insurance Portability and Accountability Act (HIPAA) calls for lined entities to imagine the use of encryption, even if the use of encryption isn’t necessary. The resolution concerning the use of encryption will have to be in line with a possibility review. If encryption isn’t applied, selection, identical measures should be used instead. Coplin Health has no longer mentioned whether or not it plans to enhance its safety protections with encryption one day.
43,000 Patients of Coplin Health Systems Potentially Impacted by Laptop Theft