Cancer Care data breach compromises 55,000

On Tuesday, officials at the Indianapolis-based Cancer Care Group announced a data breach after a company laptop, containing the personal health information (PHI) of as many as 55,000 patients, was stolen.

As reported by the Indiana Business Journal, the laptop was taken from an employee’s locked vehicle on July 19. Group officials said the laptop contained patient names, addresses, date of births, Social Security numbers, medical record numbers, insurance information and possibly patient clinical data. Similar employee data was also contained on the computer.   

[See also: 10 of the largest data breaches in 2012 ... so far.]

The laptop has yet to be found, and Cancer Care Group officials say both patients and employees have been notified of the breach.  

A spokesman for the group has said the group is taking the necessary steps to further improve security measures. 

“Cancer Care Group is encrypting all mobile media, updating policies and procedures, upgrading data storage technology, and re-educating our workforce on safety with mobile media,” said spokesman Clyde Lee, as reported by EHR Intelligence. “Some of these steps already were underway at the time this incident occurred.”

The physician group is one of the biggest privately owned radiation oncology programs in the U.S., with 21 locations throughout the state of Indiana.

[See also: Data breaches top of mind for IT decision makers.]

The July Cancer Care Group data breach is the fourth largest data breach of 2012. It stands behind similar incidents at Utah Department of Health,involving the PHI of 780,000 individuals; Emory Healthcare, involving the PHI of an estimated 315,000 individuals; and South Carolina Department of Health, involving PHI of 228,000 individuals.