Northwestern Memorial Hospital Tight-Lipped on Hospice Data Breach
The theft of six laptop and tablet computers stolen from the home hospice offices at Northwestern Memorial Hospital in Chicago has resulted in an undisclosed number of patients being notified that their protected health information was compromised.
The theft of six laptop and tablet computers stolen from the home hospice offices at Northwestern Memorial Hospital in Chicago has resulted in an undisclosed number of patients being notified that their protected health information was compromised.
The hospital issued a statement that did not disclose the number of affected patients, and is not releasing the number at this time. The number will have to be disclosed to the HHS Office for Civil Rights, which will publicly post the breach here if it affects 500 or more individuals.
Information on the computers included Social Security numbers, name, address, date of birth, diagnosis, acuity of symptoms, medications, treatment notes, advanced directives, and insurance group and policy numbers. The hospital noted it does not believe the personal information was a target of the theft. It is offering affected patients credit monitoring services but would not describe the services, the time period for the services, or whether identity theft protection services also are being offered.
The hospital in the statement said the devices were undergoing a software upgrade and standard laptop security controls were suspended during that time. The hospital also noted it is taking “decisive measures” to prevent future breaches, including limiting the number of patient records stored on laptop and tablet computers. Hospital officials did not comment on whether data on the computers had been encrypted before suspension of security controls, or if encryption now would be mandated.
The hospital issued a statement that did not disclose the number of affected patients, and is not releasing the number at this time. The number will have to be disclosed to the HHS Office for Civil Rights, which will publicly post the breach here if it affects 500 or more individuals.
Information on the computers included Social Security numbers, name, address, date of birth, diagnosis, acuity of symptoms, medications, treatment notes, advanced directives, and insurance group and policy numbers. The hospital noted it does not believe the personal information was a target of the theft. It is offering affected patients credit monitoring services but would not describe the services, the time period for the services, or whether identity theft protection services also are being offered.
The hospital in the statement said the devices were undergoing a software upgrade and standard laptop security controls were suspended during that time. The hospital also noted it is taking “decisive measures” to prevent future breaches, including limiting the number of patient records stored on laptop and tablet computers. Hospital officials did not comment on whether data on the computers had been encrypted before suspension of security controls, or if encryption now would be mandated.
More for you
Loading data for hdm_tax_topic #reducing-cost...