Lost laptop imperils data of New Mexico hospice’s patients
Ambercare has reported one of its laptops is missing, and it’s posted notice of a data breach.
The company, a major hospice and home health services provider in New Mexico, says the incident could result in the release of information of an undisclosed number of patients.
On May 30, a laptop computer that had been assigned to an employee was discovered to be missing. The employee’s computer held data on hospice patients and the activities of daily living that the patients were not able to do themselves.
“When Ambercare became aware of the missing laptop, we promptly began an investigation and filed a police report,” the organization said in a statement. “The laptop was password protected, and there is no evidence that any information on the laptop has been accessed or further disclosed.”
Information at risk on the computer includes patient names, dates of birth, addresses, diagnoses and clinical information, and Social Security numbers.
The organization now is implementing a series of additional technical and security controls on all computing devices. The HHS Office for Civil Rights expects organizations that have had a breach to implement encryption and several other forms of security protections. Ambercare also is retraining its 2,200 employees about physical security.
Ambercare further is encouraging affected individuals to request a credit or security freeze from one of the credit rating agencies. The organization is offering one year of credit monitoring services from Experian.
The organization declined to provide additional details about the incident.