Western Health Screening breach affects 15,326 patients
Western Health Screening, which provides onsite blood screening services at health fairs across the Colorado Western Slope region, is offering 15,326 affected individuals protective services following a data breach.
Much of the at-risk patient information is not highly sensitive—data on the drive included names, addresses and phone numbers, but some Social Security numbers also may have been compromised, said the healthcare organization.
The breach occurred when a car owned by Western Health was stolen; a flash drive with the protected health information was in the car. The drive was password protected but not encrypted; it has not been recovered.
Data on the flash drive can be accessed only by using a unique password, and to date, there is no evidence of data misuse, according to Western Health Screening.
Still, the organization is offering three tiers of protective services from Kroll to affected individuals. The services being administered by Kroll include credit monitoring, identity theft restoration and fraud consultation, a service that other healthcare organizations have rarely provided after a breach incident.
Western Health Screening did not respond to a request for information on the decision-making process they followed in making protective services to affected individuals.
Robert Belfort, a HIPAA attorney at the law firm Manatt, Phelps & Phillips, notes that if Social Security numbers were possibly compromised, the offer of multiple protections does not seem like overkill. “If SSNs were not involved, the offer would seem very generous, although in my experience, there is a wide variation in how healthcare organizations treat these matters,” he adds.