The News Journal in Wilmington reported the breach on March 3, noting that the hospital "did not disclose the security breach to the general public until news media began calling." However, provider organizations are not required to publicly report breaches that affect less than 500 individuals, although breaches of all sizes are reportable to the Department of Health and Human Services' Office for Civil Rights.
There is no mention of the breach on Beebe Medical Center's Web site. An employee of the hospital inadvertently took a briefcase that contained Medicare cost reports to Disney World during Christmas vacation and kept the briefcase in the hotel safe. But the employee's car was broken into during the return trip home and the briefcase was taken, The News Journal reports.
The hospital learned of the theft on Jan. 4. A spokesperson told the newspaper that the hospital waited seven weeks to notify patients, in part, because the chief compliance officer was on a family related leave of absence for a month. The hospital is offering affected patients a year of free credit monitoring services.
--Joseph Goedert
Be the first to comment on this post using the section below.