I have to admit that stories about data breaches are becoming as common as days that end in “y”. Today comes word that the Riverside County Regional Medical Center (RCRMC) has suffered a data breach affecting 563 of their patients when a laptop was reported missing.
The laptop was not encrypted.
The data that was on the missing laptop included names, dates of birth, medical record numbers and…electromyogram test results.
“Protecting sensitive patient information is a golden rule in healthcare,” Remm said. “We apologize for the inconvenience this incident has caused our patients. Right now, we are focused on minimizing current and future impacts.”
Remm said RCRMC is taking steps to minimize the risk of future incidents, by:
Encrypting sensitive patient data
Using locks to secure laptops to carts
Developing advanced security access in areas where sensitive patient information is stored
Why on earth was this data not encrypted in the first place? Seriously, this isn’t that hard. The upside in this breach is that the medical center is aware of all of the affected patients, as opposed to so many breach incidents where the “who” is often unclear. It isn’t like there is legislation like HIPAA.
/me bites tongue
RCRMC had this to say, “We have no reason to believe the computer is missing because of the patient information it contained,” Remm said. “But, our job is to safeguard our patients’ privacy and that’s what we are focused on doing.”
Now, this is a response that gave me an epic giggle fit. Seriously, how can they make a statement like that when they have no idea who actually has the laptop? That being said, taking Occam’s Razor into account, it is entirely possible that this was a crime of opportunity.