Unencrypted drive with 7 years of patient data stolen from Denton Heart Group
An unencrypted hard drive that contained 7 years of backup electronic health record data was stolen from the Denton Heart Group, a member of the HealthTexas Provider Network.
The backup files contained a hoard of patient data from 2009 until 2016: names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.
The device was stored in a locked closet. Officials believe it was stolen on or around December 29, 2016, but the medical group didn't discover the theft until Jan. 11.
All patients affected by the breach will receive one year of free credit monitoring and identity theft protection services, officials said. Denton Heart Group mailed notifications to its patients on March 10 and set up a dedicated call center to answer questions.
"Necessary corrective actions have been taken to safeguard against similar incidents in the future, and we are taking steps to re-evaluate the security of computer devices within our clinics to further protect our patients' information," officials said in a statement.
The incident serves as a reminder of the importance of encryption. A 2017 Thales Data Threat Report for the Healthcare Industry released in February found that only 65 percent of healthcare organizations encrypt cloud data, while a 2016 Sophos report found 20 percent of organizations aren't using encryption at all.
And in February, OCR fined Children's Medical Center of Dallas $3.2 million for breaches due to lack of encryption.