The Gordon Schanzlin New Vision Institute located in La Jolla, CA, has informed thousands of patients that files containing some of their protected health information (PHI) were discovered to be in the possession of an individual unauthorized to have the information. The files were discovered during a U.S. Postal Inspection Service raid on a property in Southern California.
The records included information such as names, addresses, dates of service, health insurance details, Social Security numbers, and health and clinical information.
The Gordon Schanzlin New Vision Institute was informed of the discovery on June 15, 2018. An internal investigation was launched to determine the nature and scope of the data breach and how the medical files can to be in that individuals’s possession.
Although it could not be verified with 100% certainty, Gordon Schanzlin believes the medical records were part of a batch of paperwork that thieves stole from a storage unit in October 2017. The medical files of 9,351 patients had been placed in the storage facility to satisfy documentation retention requirements, but the facility was broken into and some boxes of files were removed by thieves. Only some of the missing files were recovered, but Gordon Schanzlin made a decision to alert all 9,351 patients of the discovery out of an abundance of caution.
Due to the sensitive nature of data in the files, and the possibility that some of that information may have been used for identity theft and fraud, Gordon Schanzlin offered all patients complimentary credit monitoring services via Experian for one year. Breach notification letters were sent on August 14, 2018.
Gordon Schanzlin New Vision Institute has provided employees with further training and additional security controls have been implemented to reduce the risk of further data theft.