December 18, 2014

Nearly 39,000 affected by potential data breach at Greenwood hospital

Image: Self Regional Healthcare

Image: Self Regional Healthcare

Officials at a hospital in Greenwood are sending notifications to nearly 39,000 patients whose sensitive information may have been contained on a laptop that was stolen earlier this year and remains missing.

Self Regional Healthcare revealed the potential data breach in a press release and statement on its website Thursday. The hospital said two unauthorized individuals broke into one of its support facilities on Sunday, May 25 and stole a laptop. Due to the Memorial Day holiday, employees did not discover the burglary until May 27.

The two suspects, identified as David Smith, 23, and Samuel Hall, 22, were later arrested by Greenwood Police and confessed to stealing the laptop, according to Self Regional’s vice president of corporate compliance and integrity Craig White. White said the pair told officers that they panicked after realizing what they had stolen and threw the laptop into Lake Thurmond. Dive teams were not able to find the laptop, he said.

White said a forensics team had to reconstruct the computer to determine whether any sensitive information was on the stolen device. He said the forensics staff believed the computer may have had access to patients’ names, Social Security numbers, addresses, and driver’s license numbers, among other potentially private information.

He said notifications are being sent to 38,906 patients who may have been affected, in accordance with federal HIPAA regulations. The notifications offer a full year of complimentary membership to Experian’s ProtectMyID Alert, which detects potential misuse of personal information and provides identity protection.

However, White said the evidence indicates the laptop’s theft was a run-of-the-mill burglary and not identify theft.

“This is not a Target situation, where you had sophisticated cyber-hackers going after specific financial information to do something bad,” he told South Carolina Radio Network. “I think we had a couple of guys who broke in, spent some time in our breakroom, and grabbed a computer on their way out the door.”

Since the laptop remains missing, officials are treating it like a traditional data breach. “Because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients’ protected health information,” Self Regional President and CEO Jim Pfeiffer said in a statement.

Federal law allows anyone to access one free credit report each year from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report.

At no charge, individuals can also have these credit bureaus place a “fraud alert’ on their file that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Note, however, that because it tells creditors to follow certain procedures to protect individuals, it may also delay their ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file.

Any individual wishing to place a fraud alert, or who has any questions regarding their credit report, can contact any one of the agencies listed below.
Equifax
P.O. Box 105069
Atlanta, GA 30348
800-525-6285
www.equifax.com

Experian
P.O. Box 2002
Allen, TX 75013
888-397-3742
www.experian.com

TransUnion
P.O. Box 2000
Chester, PA 19022-2000
800-680-7289
www.transunion.com