Info of 55K Patients Stolen from Indianapolis Cancer Practice

The Cancer Care Group, an oncology practice based in Indianapolis, claims it will improve its storage and data security practices going forward after a laptop containing the sensitive information of about 55,000 of its patients was stolen last month.


The laptop, which contained backup media from the clinic’s computer server, was taken from the locked vehicle of an employee on July 19.

According to a post on its website, the backup media included patient demographic information, including names, addresses, dates of birth, Social Security numbers, medical record numbers, insurance information and minimal clinical information the firm claims was used for billing purposes only. Employees’ information, including their dates of birth, Social Security numbers, beneficiary names and other “employment and/or financial data,” was also stolen.

The Cancer Care Group claims that while the backup media has yet to be retrieved, there’s no proof the information has been used or exploited yet. The practice has vowed to encrypt its mobile media going forward and has made plans to update policies and procedures, upgrade data storage technology and better inform its employees on how to safely handle its media.


Discussion

  • Anonymous on

    From the first line of the statement: "Patient confidentiality is a top priority at Cancer Care Group". Clearly not. This was pure negligence, bad security practice and a distinct lack of interest in any patient confidentiality at all. I doubt that they are slow or negligent in billing the people whose information they so poorly store. I hope they are sued.
  • Anonymous on

    They should be sued, as previously suggested. Why is this still happening? Why are people allowed to have this type of information on a laptop, or anything mobile for that matter?

  • Anonymous on

    This happens to this day because HIPAA and HITECH have no teeth. In other words, there are no 'severe' repercussions to lost/stolen portable media, hard-drives, or laptops. The most they get is a smack on the hand, a small fine, and a 'please, take better care next time'.

  • Anonymous on

    Having managed a healthcare breach in the past few years I can say that the OCR/HIPAA/HITECH is SLOWLY gaining teeth.

    The lack of internal oversight and the CISO's ability to communicate risk to the CFO/CEO is becoming more and more apparent.  

    Cyber security risk is a game of language, budgets and its biggest competitor is "compliance". Ultimately it's the patient that loses out when their PII goes amiss. If we focus on the asset and educating the users these incidents may not disappear but will certainly be reduced.

     

     
