Health data thefts a continuing problem

A state agency says Georgia consumers’ personal data has not been compromised so far in the wake of a theft of a laptop computer that contained some people’s health information.

The computer was stolen from the vehicle of an employee of the Department of Behavioral Health and Developmental Disabilities who was attending a Clayton County conference in August. The laptop contained health information on 3,397 individuals who receive services from the agency.

Stethoscope on a computer keyboard

A majority of these patients get services in the Columbus region, DBHDD said.

The health information included people’s names, addresses and phone numbers, dates of birth, names of guardians, marital status, Social Security numbers and Medicaid numbers, as well as diagnostic and behavioral data.

The agency said Thursday that there are no signs that anyone’s data has been used or accessed.

Data breaches in health care are not uncommon in the United States.

A recent massive breach affected many Georgians as well as others. Tennessee-based hospital chain Community Health Systems reported that hackers believed to be working out of China stole personal data from 4.5 million patient records.

CHS operates five hospitals in Georgia: Barrow Regional Medical Center in Winder; Fannin Regional Hospital in Blue Ridge; Clearview Regional Medical Center in Monroe; Trinity Hospital of Augusta; and East Georgia Regional Medical Center in Statesboro.

The company said the data stolen didn’t include anything about people’s actual health or medical care, but did include sensitive personal information such as patients’ names, addresses, birthdates, telephone numbers and Social Security numbers.

Tougher federal requirements for monitoring and reporting health care data breaches have led to more reporting of incidents when patients’ information goes missing or may have been inappropriately accessed by someone, the Washington Post reported recently.

Since those requirements kicked in, the U.S. Department of Health and Human Services’ database of major breach reports (those affecting 500 people or more) has tracked 944 incidents affecting personal information from more than 30 million people, the Post reported.

There are also many more incidents of smaller-scale breaches.

In the Georgia DBHDD case, the agency sent a letter to every person who might have been affected by the theft, explaining the incident and the actions that individuals can take to help protect their personal health information. Included with the letter was information on obtaining free credit reports and fraud alerts. The department provided a toll-free number (844-888-5998) that consumers may call to find out if their information is on the laptop.

“Protecting the individuals we serve is extremely important to us. We take very seriously the confidentiality of their information,” said DBHDD Chief of Staff Judy Fitzgerald. “We are constantly looking for ways to improve the system across all aspects of DBHDD’s operations.”

Clayton County police have no leads or evidence in the theft case, said Chris Bailey, a spokesman for DBHDD.