Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen

An unencrypted laptop has been stolen from one of its employees of Rocky Mountain Health Care Services of Colorado Springs. This is the second such incident to be identified in just three months.

The most recent incident was identified on September 28. The laptop computer was seen to store the protected health information of a small number of patients. The types of data stored on the device included first and last names, addresses, dates of birth, health insurance details, Medicare numbers, and limited treatment details.

The breach incident has been reported to law enforcement and patients affected by the incident have been alerted by mail.

Rocky Mountain Health Care Services, which also conducts business as Rocky Mountain PACE, BrainCare, HealthRide, and Rocky Mountain Options for Long Term Care, also foundd on June 18, 2017 that a mobile phone and laptop computer were stolen from a former member of staff. The devices stored names, dates of birth, addresses, limited treatment information, and health insurance details.

So far, only one of those incidents has published on the Department of Health and Human Services’ Office for Civil Rights breach portal. That incident, reported on November 16, shows 909 patients were affected. It is not yet clear if this is the first or second laptop theft.

Reacting to the breaches, Rocky Mountain Health Care Services has been changing its policies and procedures with respect to the security of patient data and portable electronic devices, and is considering incorporating mobile device management technologies and data encryption to keep its portable electronic devices secure.

As the Office for Civil Rights breach portal states, the loss and theft of unencrypted portable electronic devices is still a significant cause of healthcare data violations, and one that the use of data encryption technologies can easily stop. So far in 2017, there have been 31 breaches reported by covered bodies and business associates that have involved the loss or theft of unencrypted laptop devices and other portable electronic technology.

Author: Maria Perez