The Cancer Care Group, an oncology practice based in Indianapolis, claims it will improve its storage and data security practices going forward after a laptop containing the sensitive information of about 55,000 of its patients was stolen last month.
The laptop, which contained backup media from the clinic’s computer server, was taken from the locked vehicle of an employee on July 19.
According to a post on its website, the backup media included patient demographic information, including their names, addresses, date of birth, Social Security numbers, medical record numbers, insurance information and minimal clinical information the firm claims was used for billing purposes only. Employees’ information, including their date of birth, social security numbers, beneficiary names and other “employment and/or financial data,” were also stolen.
The Cancer Care Group claims that while the backup media has yet to be retrieved, there’s no proof the information has been used or exploited yet. The practice has vowed to encrypt its mobile media going forward and has made plans to update policies and procedures, upgrade data storage technology and better inform its employees on how to safely handle its media.