Four computers were stolen from the administrative office of Advocate Medical Group, the largest health system in Illinois. Unfortunately for 4.03 million patients, their sensitive information on the computers was unencrypted, leaving them vulnerable to identity theft. While Advocate claims the computers themselves were password protected, it is very easy, especially if they were Windows-based computers, to bypass the password protection. If you were or are a patient of Advocate Medical Group, you should be receiving a letter notifying you of the breach. In addition, Advocate is offering victims credit monitoring for one year. For additional information, please visit Advocate’s website. Oh wait – they have not yet posted anything on their website about the breach. Don’t worry, I am sure they will be posting something very soon, as it is required by the HHS (Health and Human Services). In the meantime, check out the “wall of shame” from the HHS to see if your provider has had a data breach.
Encryption of sensitive information is crucial. Enforcement of the HIPAA Omnibus Final Rule starts September 23, 2013. For health care organizations and their business associates, penalties for noncompliance are based on the level of negligence, with a maximum penalty of $1.5 million per violation. This includes data breaches of unencrypted information. If you are unsure whether your organization is in compliance, the Kerskie Group is your solution. Our expert privacy consultants can help your organization get in compliance, reduce the risk of a data breach, and save you time and money. Give us a call today at 239-435-9111.