A break-in at the offices of addiction treatment services provider Integrity House had potentially resulted in patients protected health information (PHI) being compromised.
The burglar stole a number of electronic devices, which include laptop computers, desktop computers, and tablets. The Integrity House IT team investigated the incident and confirmed that one of the devices contained the PHI of some patients, including names, dates of birth, Social Security numbers, health insurance data, and some treatment data.
Integrity House discovered the break-in on November 25, 2018. Law enforcement was notified about the stolen devices but they have not been recovered.
It is likely that the thieves took the devices to resell and not for the sensitive data they contained. However, it’s possible that the thieves or the individuals currently in possession of the devices accessed and/or misused patient information. Therefore, as a preventative measure, Integrity House has offered all affected patients complimentary identity theft protection and credit monitoring services.
Integrity House has now implemented extra physical security measures and further safeguards to protect the privacy of patients, including the setting of strong passwords, implementing policies concerning the management of personal data, and using encryption on all computer drives.
Integrity House considers the privacy and security of personal data a top priority and has sincerely apologized for any issues or trouble that the theft has caused. All patients who have been affected by the breach have now been notified by mail and the incident has been reported to the Department of Health and Human Services’ Office for Civil Rights. OCR published a breach summary on its breach portal indicating 7,206 patients were potentially impacted by the incident.