500 Patients of Solis Mammography Informed of Laptop Theft and PHI Exposure
Ben-Ora, Hansen, Vanesian Imaging Ltd, has announced that an unencrypted laptop computer used by a Solis Mammography employee has been stolen from the Phoenix, Arizona clinic.
Solis Mammography discovered the theft on October 17, 2018 and reported it to law enforcement. Up to now, the device has not been retrieved. Solis Mammography has attempted to reconstruct the data stored on the device with the assistance of a leading computer forensics company.
Although the investigation verified that the protected health information (PHI) of some patients had been downloaded to the laptop, the investigators could not ascertain the exact information that had been downloaded and neither if it had been accessed.
Solis Mammography believes the information stored on the device was limited to the names of patients, dates of birth, health insurance details, laboratory test results, medical photos, although other data were potentially stored on the device; however, no financial information was exposed.
Safety measures have now been implemented to further protect patient data such as strengthening passwords and access controls; reviewing and updating policies and procedures regarding the safe disposal of patient data.
There have been no report received to suggest the misuse of any information contained on the device, but the patients have been advised to check their statements from health insurers for services that have not been received.
On December 16, 2018, Solis Mammography reported the data breach to the Department of Health and Human Services’ Office for Civil Rights. The breach report indicated that the PHI of around 500 patients might have been compromised.