[BreachExchange] Patient data breach reported by clinic looted after Durham gas explosion
Destry Winant
destry at riskbasedsecurity.com
Wed Nov 20 10:10:06 EST 2019
https://www.wral.com/patient-data-breach-reported-by-clinic-looted-after-durham-gas-explosion/18778379/
DURHAM, N.C. — A Durham health clinic whose employees had to evacuate
in the wake of a natural gas explosion last spring says its offices
were later looted, exposing patient data.
Main Street Clinical Associates put a notice on its website of the
potential data breach, noting that it has no evidence that personal or
protected health information "was viewed without authorization."
The April 10 explosion rocked the area west of downtown Durham,
killing two and injuring about two dozen others.
Main Street Clinical was in the building next to the site of the
explosion, and employees had to immediately leave the office "without
the opportunity to properly store and secure" patient information.
"At the time of the evacuation, certain patient files in use were left
open, and the file room containing patient records was unlocked,"
according to the clinic's statement.
During the months that followed, crews checked the structural
integrity of buildings in the area and cleaned up the hazardous rubble
of the building that exploded. Main Street Clinical noted in its
statement that employees couldn't get back into their office until
Sept. 9 and that the clinic now operates in a temporary office at 3326
Durham-Chapel Hill Boulevard while searching for a permanent location.
"Upon re-entry to their office on September 9, 2019, Main Street
discovered that looters had unlawfully entered the office and stolen
two laptop computers, a clinician’s cell phone and a printer that
stored patient information," according to the statement. "The
computers and the cell phone were password-protected, and the client
files stored on them were also password-protected."
The records included patient names, driver’s license numbers, Social
Security numbers, health insurance information and diagnosis and
treatment information, officials said, adding that they believe the
looting occurred sometime after mid-July.
Officials said they immediately notified police and changed the
passwords on all of the devices and have been remotely monitoring the
devices to see if any unauthorized access has occurred.
Main Street Clinical has established a dedicated assistance line at
866-775-4209 for anyone seeking additional information. The line is
open weekdays 9 a.m. to 6:30 p.m.
Clinic officials also encouraged patients to check their credit
reports and possibly put freezes on them to protect against identity
theft.
More information about the BreachExchange
mailing list