14 DAY TRIAL // Lebanon Internal Medicine Associates (LIMA) patients might be exposed to identity fraud after renovation contractors disposed without permission of a server computer that was damaged by flood waters.
After being flooded with 100,000 gallons of water, the institution was forced to call in a renovation contractor to repair the damages. It's not yet certain how the misunderstanding occurred, since the notice issued by the facility only mentions that the workers were not directed to dispose of the machine.
“The computer which operated as main file server for LIMA's on-site laboratory was rendered inoperable and was susequently disposed of by restoration contractors hired by LIMA, who were not directed by LIMA to do so,” the notice reads.
The letter also states that the risk of identity fraud is slim, even though the computer contained sensitive information gathered in the course of 12 years, including social security numbers, names, dates of birth, account numbers, addresses, diagnoses, lab tests and insurance info.
“This server was no longer in use by LIMA at the time of its disposal and the PHI it contained was likely inaccessible due both to multiple pre-existing security measures within the server and to damage caused by it being submerged in the floodwater,” the letter states.
The institution has alerted the authorities and they're sending notifications to all the individuals involved after they failed to find the device that disappeared around September 12. The improper disposal of such a machine constitutes a violation of the HIPPAA and HITECH regulations.
Hopefully, the individuals involved in the incident will not be affected, but as a precaution, they are advised to set up fraud alerts and credit monitoring services at their banks. Also, they are recommended to keep a close lookout themselves for any suspicious activities that might show up on their credit reports and even consider a credit freeze.