Officials at a northwest Georgia hospice group have notified patients of a data breach after an unencrypted company laptop containing personal health information was stolen from an employee's car in January.
Heyman HospiceCare, part of the 304-bed Floyd Medical Center in Rome, Ga., began mailing letters Feb. 15 to nearly 2,000 patients affected by the breach. Officials say the laptop contained patient names, addresses, phone numbers, dates of birth, Social Security numbers, insurance numbers, clinical diagnoses and provider names.
[See also: 43K affected in Wisconsin data breach.]
"Heyman HospiceCare deeply regrets any inconvenience or concern this may cause patients," a company notice reads. "To help prevent something like this from happening in the future, Heyman HospiceCare is implementing a more disciplined approach to its encryption for all laptop computers and re-educating staff on policies and procedures for securing such mobile devices."
1,828 patients seen at Heyman HospiceCare from July 2006 to January 2013 were affected by the incident.
According to data from the Department of Health and Human Services, some 452,185 patient records in Georgia have been compromised in a breach since the August 2009 Breach Notification rule. The lion's share of that comes from the Emory Healthcare data breach in 2012, when backup tapes containing personal health information on some 315,000 patients went missing.
Nationwide, more than 21 million patient records have been compromised in a data breach since August 2009.
[See also: Top 5: Data breach winners and losers by state.]