It has been discovered that an unencrypted laptop has been stolen from one of the employees of Rocky Mountain Health Care Services of Colorado Springs . This is the second such theft incident to be found in the space of just three months.
This incident was first noticed on September 28. The laptop computer was found to be holding the protected health information of a number of patients. The information held on the laptop device included first and last names, addresses, dates of birth, information regarding health insurance, Medicare numbers, and limited treatment details.
Law enforcement agencies and patients impacted by the incident have been made aware of the incident by mail.
Rocky Mountain Health Care Services, which also does business as Rocky Mountain PACE, BrainCare, HealthRide, and Rocky Mountain Options for Long Term Care, also found on June 18, 2017 that a mobile phone and laptop computer were stolen from a former employee. The devices contained names, dates of birth, addresses, limited treatment information, and health insurance details.
To date, only one of those incidents has been published on the Department of Health and Human Services’ Office for Civil Rights breach portal. That attack, officially reported on November 16, indicates 909 patients were affected. It is not yet been announced whether this is the first or second laptop to have been stolen.
In the aftermath of the breaches, Rocky Mountain Health Care Services has been reevaluating its policies and procedures with respect to the security of patient data and portable electronic devices, and is thinking about incorporating mobile device management technologies and data encryption for its range of portable electronic devices.
The Office for Civil Rights (OCR) breach portal portrays that the loss and theft of unencrypted portable electronic devices is still a significant cause of private healthcare data breaches, and one that the use of data encryption technologies can easily cut off. There have been 31 breaches reported by covered entities and business associates so far in 2017 that have involved the loss or theft of unencrypted laptop computers.