Encryption Beefed Up After 2 BreachesSunbridge Healthcare Reports Laptop, Blackberry Stolen
Sunbridge Healthcare Corp., Albuquerque, N.M., reports that a laptop computer containing information on 3,830 residents in 10 states was stolen May 11. Information on the device included names, medical record numbers, dates of service, clinical data and Social Security and health insurance numbers.
In a second incident on June 26, a Blackberry device containing information on 1,000 residents from eight Georgia facilities was stolen. In this case, the information included names, dates of birth, medical record numbers, dates of service and clinical data.
Sunbridge reported both cases to local law enforcement authorities, and there is no evidence the information on the devices has been misused, the company reports.
"The company's internal encryption practices have been strengthened to ensure that no laptop computers are issued to employees without encryption software installed," the nursing home chain said in a statement on the May incident.
"The company has encrypted and password-protected all Blackberry personal digital assistants and has reinforced with all the staff the proper protocols required to maintain the security of personal information," according to a statement about the June incident.
The latest incident was added Sept. 10 to the list of major breaches compiled by the Department of Health and Human Services' Office for Civil Rights.
Sunbridge notified the office, as well as individuals who could be affected, of both incidents as required under the HITECH Act breach notification rule. It offered the patients involved ID theft protection services from Kroll Inc.