I Hate Dialysis Message Board
Welcome, Guest. Please login or register.
November 24, 2024, 11:36:33 PM

Login with username, password and session length
Search:     Advanced search
532606 Posts in 33561 Topics by 12678 Members
Latest Member: astrobridge
* Home Help Search Login Register
+  I Hate Dialysis Message Board
|-+  Dialysis Discussion
| |-+  Dialysis: News Articles
| | |-+  Stolen Davita laptop with dialysis patient data at risk
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Stolen Davita laptop with dialysis patient data at risk  (Read 2023 times)
Bill Peckham
Elite Member
*****
Offline Offline

Gender: Male
Posts: 3057


WWW
« on: March 25, 2008, 06:28:39 PM »

Did anyone hear anything about this - did a letter go out earlier this month? Who or what is OVA Renal Healthcare, Inc. ?

This is from the Breach Blog http://breachblog.com/2008/03/06/davita.aspx the blog's author's comments [Evan] are in italics

Date Reported:
3/3/08

Organization:
Davita*

*"DaVita provides dialysis services for those diagnosed with chronic kidney failure, a condition also known as chronic kidney disease (CKD). We have over 1,300 outpatient dialysis facilities and acute units in over 800 hospitals. We are located in 42 states and the District of Columbia, serving approximately 103,000 patients." - Source: Davita "About Davita" page

Contractor/Consultant/Branch:
None

Victims:
Current and/or former patients

Number Affected:
Unknown

Types of Data:
Insurance filings for dialysis services, which includes "name, social security number, medical insurance coverage information, and/or other personal and health related information"

Breach Description:
A laptop containing sensitive personal information belonging to current and former patients of Davita has been stolen from a worker for the company.  The laptop was password-protected, but did not employ encryption.

Reference URL:
The New Hampshire State Attorney General breach notification http://doj.nh.gov/consumer/pdf/davita.pdf

Report Credit:
The New Hampshire State Attorney General

Response:
From the online source cited above:

March 3, 2008
New Hampshire Department of Consumer Affairs
Attn: Consumer Protection
33 Capitol Street
Concord, NH 03301
Dear Sir:
The purpose of this letter is to notify the New Hampshire Department of Consumer Affairs that OVA Renal
Healthcare, Inc. ("Company") recently discovered that it sustained a loss of personal information
[Evan] I copied this from the breach notification letter because there are some interesting points.  I don't think there is a "New Hampshire Department of Consumer Affairs", per se.  The New Hampshire Department of Justice handles these matters.  Secondly, the letter starts out with "Dear Sir".  The New Hampshire State Attorney General is Kelly A. Ayotte, a woman.

Dear ______________
On behalf of your dialysis provider, we are writing to inform you of a recent incident which may have resulted in the unauthorized acquisition of your personal information.

Recently, a teammate's laptop was stolen.

Although the laptop is password protected, the hard drive contains --along with numerous other non-related documents -documents involving insurance filings for dialysis services.
[Evan] #1, password protection is little more than no protection.  #2, why do I care about the non-related documents?

The documents may contain your name, social security number, medical insurance coverage information, and/or other personal and health related information.

The theft was immediately reported to the proper legal authorities.

While law enforcement officials estimate that over two million laptops are stolen annually for resale, we suggest you take all necessary proactive steps to protect against the possibility of identity theft.
[Evan] In my opinion this is a statement meant to minimize the situation.  Maybe there are over two million laptops stolen annually for resale, but if I were a victim, the only laptop I care about right now if the one that was just stolen from Davita that has my poorly protected information on it!

We take privacy very seriously, and sincerely apologize that information was compromised resulting from this theft.
[Evan] Anybody can say that they take privacy very seriously, but let's put our money where our mouth is and demonstrate this claim.  Why was personal information on the laptop in the first place, and why wasn't the laptop encrypted?

While we remain hopeful that this theft was merely a petty crime looking for things of value, we felt that outreach to you was warranted.
[Evan] Hope only goes so far.

We are taking extra precautions to minimize the chance of this happening in the future.
[Evan] Like?

If you have any questions, please contact DaVita's Guest Services Customer Center at 1-866-987-7454.

Please note that you may be asked to provide the following reference code: TQO208.

Commentary:
Another lost or stolen laptop containing sensitive personal information that did not employ a minimum level of protection (in my opinion).

Do you think I am being too harsh in comments?  Don't collect personal information unless you can provide a "reasonable" level of security assurance.  Storing personal information on a laptop without encryption or other controls and relying on password protection is not "reasonable" to me.
Logged

http://www.billpeckham.com  "Dialysis from the sharp end of the needle" tracking  industry news and trends - in advocacy, reimbursement, politics and the provision of dialysis
Incenter Hemodialysis: 1990 - 2001
Home Hemodialysis: 2001 - Present
NxStage System One Cycler 2007 - Present
        * 4 to 6 days a week 30 Liters (using PureFlow) @ ~250 Qb ~ 8 hour per treatment FF~28
Sluff
Member for Life
******
Offline Offline

Gender: Male
Posts: 43869


« Reply #1 on: March 25, 2008, 06:50:56 PM »

Well ain't that a kick in the pants. I feel bad for the people(patients) involved.
Logged
Rerun
Member for Life
******
Offline Offline

Gender: Female
Posts: 12242


Going through life tied to a chair!

« Reply #2 on: March 25, 2008, 08:52:40 PM »

This is the third company that has had my information and some one has breached the security.

Federal Government Credit Card
Financial Advisor
DaVita

What will this lead too.  Chips in are hands with our information? 
Logged

Pages: [1] Go Up Print 
« previous next »
 

Powered by MySQL Powered by PHP SMF 2.0.17 | SMF © 2019, Simple Machines | Terms and Policies Valid XHTML 1.0! Valid CSS!