The same week that Alaska DHSS agreed to pay $1.7 million to the government for an ePHI security breach, another big data breach was reported by the University of Texas MD Anderson Cancer Center.
An MD Anderson unencrypted computer containing patient and research information was stolen from a physician’s home on April 30. The Center investigated the matter and confirmed that the stolen computer contained patient information, such as names, medical record numbers, treatment and research information and some Social Security numbers.
The investigation hasn’t determined who the responsible criminal is and MD Anderson is trying to reproduce the computer’s information. However, more importantly, it started notifying affected patients who may have been affected. To ensure that credit card information remains safe, MD Anderson is offering credit monitoring services for those whose Social Security numbers were included in the data. Furthermore, it has call center support available to those affected.
MD Anderson said that it doesn’t believe the theft was due to the information on the computer, but that seems to be of little consequence at the moment. The unencrypted computer was completely vulnerable to theft and after what happened to DHSS, what type of action the government takes (if any) should be interesting. In its press release, Anderson said that it “takes this incident very seriously and is committed to protecting patient privacy.” If this is the case, it will follow up on its promise to ramp up its employee privacy training and encryption efforts.