The personal health information of 729,000 patients was put in jeopardy when thieves stole two laptops from an administration building of San Gabriel Valley-based AHMC Healthcare, the Los Angeles Times reported yesterday.
This breach ranks as the second-biggest of the year and the 11th largest in the nation, compared to reported medical data breaches recorded by the U.S. Department of Health & Human services, which requires hospitals to report breaches involving more than 500 people.
On Oct. 12, thieves broke into a video-monitored office in Alhambra, Calif., on a medical campus that officials told the newspaper is "gated and patrolled by security" and stole two password-protected laptops.
The hospital group said in a statement the computers contained information with patients' names, Medicare/insurance identification numbers, diagnosis/procedure codes, insurance/patient payment records and, in some cases, Social Security numbers of Medicare patients, according to the Times. Hospital group officials said there's no evidence so far that any of the information has been used, but they can't rule it out.
The healthcare group has hired an auditing firm to perform security risk assessment and advised those affected to place fraud alerts on their credit files.
KABC News of Los Angeles reports that police are working on the case and there's information about a possible suspect.
Security breaches for medical information are increasing with advancements in cybersecurity. In June, Lucile Packard Children's Hospital, a 311-bed facility in Palo Alto, Calif., reported its third data breach in four years--and its second in six months--this one potentially exposing 12,900 patients to potential medical identify theft.
The AHMC breach could be an example of a malicious, non-accidental one--in late July, it was found that the number of health data breaches is growing with the push to electronic records, and increasingly thieves are targeting their attacks, according to data security firm ID Experts.
Health data is targeted for the value it holds and the ease with which hackers can gain access to it, Rick Kam, president and co-founder of ID Experts, told American Medical News. However, privacy experts who spoke at the Healthcare Privacy Summit in Washington, D.C., this summer said too many organizations' breach responses are reactive.
To learn more:
- read the Los Angeles Times article
- read the new KABC News article
Cloud storage debacle marks hospital's third privacy incident in a year
Privacy experts: Health data security efforts too reactive
Securing health data from hackers requires a holistic approach
Stolen health data increasingly sought after for commercial ventures
Healthcare organizations leaving themselves open to breaches