News Feature | March 17, 2016

Stolen Laptop Leads To Possible Data Breach For Premier Healthcare

Christine Kern

By Christine Kern, contributing writer

Stolen Laptop Fine Patient Health Informaiton

Device security brought to the forefront again in wake of loss of device.

Premier Healthcare of Bloomington, IN has reported the theft of a laptop containing the private information of approximately 205,000 individuals. Premier said 1,769 of those individuals’ Social Security numbers and financial information could potentially be accessed on the computer.

The laptop, which was reportedly stolen from the physicians group’s billing office, on January 4, 2016, contained emails that included patients’ names, addresses, dates of birth, insurance information, and medical records. The laptop was taken from a locked and alarmed administrative office of the billing department, according to Healthcare IT News.

The laptop was password-protected, but not encrypted, underscoring the importance of multi-factor authentication when dealing with sensitive patient data. Files on the laptop included PDF documents, spreadsheets, and screenshots of patient billing issues.

While there is no evidence the information on the laptop was specifically targeted or there has been any fraudulent use of the data to date, Premier has taken immediate steps to investigate the theft and recover the laptop, and also has notified affected patients.

“Premier has taken a number of steps to help keep this from happening in the future,” said Premier officials in a statement, who also noted all of Premier’s computers are now being encrypted and the institution’s protocols are being reviewed to protect against future thefts. “Premier deeply regrets this occurred and is committed to excellent care and protecting the privacy of personal information.”

As the medical profession becomes increasingly reliant on mobile devices such as laptops, tablets, and smartphones to conduct their business, the risk of theft of loss escalates. A study by the Ponemon Institute found nearly 5.8 percent of American adults have been victims of medical identity theft to date, with an average cost per victim of $20,160. Medical identity theft is a lucrative business for cybercriminals.

Threats to sensitive data have reached critical mass, due to the increasing sophistication of frequency of hacking attacks coupled with the proliferation of technologies that make more data vulnerable to breaches. Reaching the appropriate balance between ease of access and information sharing on one hand, and secure protection of sensitive data on the other is perhaps the most significant challenge faced by healthcare IT today.

In fact, the Federal Trade Commission (FTC) recently took a tough, watchdog stance over the protection of patient data when it signed a $250,000 settlement with an IT vendor over data encryption promises, as Health IT Outcomes reported. “Strong encryption is critical for companies dealing with sensitive health information,” Jessica Rich, Director of the FTC’s Bureau of Consumer Protection said in the statement.