Stolen laptop compromises data of Houston’s health plan

Register now

A data breach of the employee group health insurance plan for the City of Houston has resulted in employees, retirees and their dependents being notified that their protected health information is at risk.

In early February, laptop computer was stolen out of the car of an employee of the health plan. The city currently is not disclosing the number of affected individuals, but the breach falls under the HIPAA Act, so details on the number of affected individuals will eventually be made available on breach website hosted by the HHS Office for Civil Rights.

Protected information that could have been on the computer includes names, addresses, dates of birth, medical information and Social Security numbers. The city is offering one year of credit monitoring and identity restoration services, and is urging affected individuals to place fraud alerts on their credit files.

Also See: 7 breach notification processes that must be followed

As is common in recent data breach incidents, the city is reinforcing security measures to protect against future breaches. Human resources professionals in City Hall are trained not to remove laptops from city offices unless sensitive information is encrypted.

“Because one employee failed to follow his training, all employees authorized to work with group health plan data are being retrained to reinforce the prohibition against removing unencrypted data from the protections of City facilities,” according to a statement from City Hall.

The city did not respond to a request for additional information on the incident.

For reprint and licensing requests for this article, click here.