Data Breach, News Events

How a Stolen Computer Could Cost You Millions

When a thief broke into “Breaking Bad” star Bryan Cranston’s car earlier this year and took his iPad and a script from the show’s coming season, the media seized on the potential secrets that had been leaked.

For health care providers, leaked secrets can have far more serious consequences than making the news on “Entertainment Tonight” or bad TV ratings; violating patients’ rights to privacy can mean literally millions of dollars in fines.

A Massachusetts medical care provider was ordered last fall to pay the federal government $1.5 million to settle potential violations of the Privacy and Security Rules of 1996’s Health Insurance Portability and Accountability Act (HIPAA).

The case began when a laptop with unencrypted, protected health information – including prescriptions and clinical data – was stolen.

In announcing the settlement, the Department of Health and Human Services stated that the Massachusetts medical care provider had “failed to take necessary steps to comply with requirements of the HIPAA Privacy and Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of electronic protected health information (ePHI) maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that [the firm] created, maintained and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices, and adopting and implementing policies and procedures to address security incident identification, reporting, and response.”

Proper security protocols can ensure your firm protects the privacy of your patients and stays on the good side of the Department of Health and Human Services.

Have questions or concerns? RISC Management and Consulting can help. Contact us today.

Data Breach


On March 29th, 2012, according to the California Department of Child Support Services, the records of more than 800,000 individuals may have been lost by their service providers IBM and, ironically by way of their blog post, Iron Mountain. The statement by DCSS indicates that storage devices used for data backups cannot be found, and their ultimate whereabouts are unknown. The data fields on the lost devices contain a great deal of critical information, including names, addresses, Social Security numbers, driver's license numbers, names of health insurance providers, and employment information.

This data loss event is especially notable because of the strict data protection and breach notification requirements in the State of California, such as Cal. Civ. Code §§ 56.06, 1785.11.2, 1798.29, 1798.82.

This loss of backup devices underscores the critical importance of encrypting backup devices, including tapes and hard drives.

To view the Breach notification letter that was sent out, please visit:

For assistance in choosing and implementing encryption technology, please contact RISC Management at 630.264.1472.