14 DAY TRIAL // A burglary to one of the Self Regional Healthcare facilities that resulted in the theft of a laptop puts sensitive information about patients at risk.
The incident occurred on May 25, and the employees of the organization learned about it two days later, on May 27.
Two individuals responsible of the breach, who have since been arrested, confessed to the crime and said that the computer was destroyed and thrown into a lake.
The device, which was protected by a password but not encrypted, has not been found, and because of this, there is the assumption that the data on it could have been accessed by unauthorized persons. As such, Self Regional must notify the individuals whose data may have been exposed. According to the executives, at least 500 patients may be affected by the data breach.
The data available on the computer device included patients' names, Social Security numbers, driver's license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information, and possibly their addresses.
“In an abundance of caution, Self Regional is providing written notice of this incident to affected individuals, to the U.S. Department of Health and Human Services, as well as to certain state regulators,” said Craig White, vice president, corporate compliance and integrity.
All impacted parties have been offered complimentary one-year membership to a service providing identity theft mitigation so that any misuse of the information is detected early on and dealt with according to protocols.