HIPAA Audits Begin; Huge Medical Data Theft from California Provider

Our sister blog, Health Law & Policy Matters, includes a detailed discussion (warning?) relating to the commencement of HIPAA audits by the Office of Civil Rights.

Yesterday, we learned of a major medical data theft involving more than 4 million records from Sutter Health, a large Northern California provider. Again, had these records been encrypted, the thieves would have gotten away with monitors, keyboards and desktops, but not medical records. The equipment was stolen in a classic smash-and-grab; the thieves simply threw a rock through a window. The HuffPo story points out:

Employees reported the theft to Sacramento police when they returned to work that Monday, Oct. 17, said Sgt. Andrew Pettit, but they didn't notify the public until Wednesday, a month later. The company said in announcing the theft Wednesday that some patients might not receive mailed notices until early next month. "If that machine is that valuable, then there should be more security measures where that is protected. There's got to be something in place to make sure that that doesn't happen," Pettit said.

Indeed.

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.