14 DAY TRIAL // Information belonging to patients receiving Electrocardiogram (EKG) checks at Valley Community Healthcare may be exposed to an unknown party after a laptop hooked to the EKG machine disappeared without a trace.
The most likely explanation is that someone stole the unattended computer in order to sell it for a quick buck. However, the system collected medical data from patients, which is now at risk of being exposed to actors that may misuse it.
Encryption to be applied to data storage units
It appears that the laptop benefited from some protection, although nothing that would prevent a low-skilled cybercriminal from accessing the information on the storage unit.
Paula Wilson, president and CEO of the health care organization, said that the machine was password-protected, which is far from being an obstacle for getting the stored data.
A better approach would have been to encrypt the hard disk, a step Wilson said would be taken as part of the measures for security patient information.
In a letter to affected patients, the CEO says that highly sensitive information such as social security numbers, driver’s license or financial account details was not available on the missing laptop.
Patients advised to check credit and health insurer statements
“We are informing you of this incident because you received an EKG test, and your name and date of birth were entered into the medical record database on the computer,” the letter informs.
The recommendation from the officials is that patients monitor their bank account statements for suspicious medical bills. If irregular activity is detected, they should contact the card issuing bank. US citizens can request credit reports free of charge for a period of 90 days.
On the same note, they should check the explanation of benefits statement from the health insurance carrier, if available. Medical services not received by the patient should be reported to the insurer.