Insider theft compromises data of rehab center residents

Register now

A post-acute rehabilitation center in San Jose, Calif., is notifying about 800 residents that a former employee may have compromised their protected health information.

Executives at White Blossom Care Center received a report from an undisclosed source that an employee improperly acquired data during employment at the center; the organization does not know when the theft of data took place.

The center contracted with a security firm to investigate, and its findings suggest that data exposed in the incident risk includes resident names, Social Security numbers, dates of birth, insurance carriers and account numbers and limited medical information, including admission date, diagnosis, medications or procedures.

Also See: Why insider threats remain the biggest risk to data

White Blossom executives said that, based on available information, bank account data and other information were not accessed. While there is no evidence of inappropriate use of information, White Blossom is offering identity theft protection services to affected individuals for a publicly undisclosed period of time. Most such protective services are offered for one or two years.

Patients also have been urged to place a fraud alert on credit files and obtain free copies of credit reports from Experian, Equifax and TransUnion.

“We recognize the trust that our residents place in us and have committed ourselves to taking steps to prevent this type of incident from happening again,” White Blossom Care Center told its affected residents.

The organization is resetting employee computer user accounts and passwords, and reconfiguring computer systems to further limit access to sensitive data. It also will continue to assess if additional improvements can be made.

White Blossom Care Center declined to provide additional details about the incident.

For reprint and licensing requests for this article, click here.