LaPorte & Associates tells members about data vulnerability
LaPorte & Associates, a health insurer in Portland, Ore., learned in January that a laptop computer belonging to an agent had been stolen and now is notifying an undetermined number of affected members.
The organization secured the agent’s email account, remotely erased the computer and engaged an unidentified data forensics firm. An extended forensics review concluded in April, finding that the compromised data belonged to LaPorte clients or their employees and family members. Data at risk includes names, health insurance numbers, claims information, dates of service, provider names, diagnoses, explanations of benefits, invoices and invoice amounts, and Social Security numbers.
To date, there has been no indication that emails were viewed or have been used, and the majority of clients have not been affected, according to the firm.
“If you were affected and LaPorte has your address, you will receive a letter with more information and a toll-free number to call to learn about free credit monitoring and identity theft protection services being offered to affected individuals,” the company told patients in the notification letter.
LaPorte & Associates apologized for the incident and is now placing data encryption on portable electronic devices and preventing offline access to email accounts. The company also has begun additional training for employees on portable electronic device security and is amending its email retention policies.
Marv LaPorte, president at LaPorte & Associates, did not respond to a request for more information.
The HHS Office for Civil Rights has not yet posted details of the incident on its data breach web site.