Consumer Fraud

Potential data breach linked to stolen corporate cell phone with private medical patient records

cell phone Potential data breach linked to stolen corporate cell phone with private medical patient recordsA potential data breach was reported by St. Peter’s Health Partners (SPHP) of Albany, N.Y., following the theft of a hospital manager’s cellphone late last year.

The St. Peter’s Medical Associates P.C., one of the hospital system’s physician groups, reports that the stolen cell phone had access to corporate email systems; however, St. Peter’s officials have not received any reports of misused patient information. The confidential information of approximately 5,117 patients, believed to be ranging from between August and November 2014, varies from patient name and date of birth to past appointment times and reason for the appointment.

Medical records not affected by this data breach include financial accounts, Social Security numbers and, aside from two patients who have already notified, phone numbers and home addresses.

“While at this time we believe the risk is low that the data on these individuals was accessed, we are committed to doing all we can to protect each and every one of them,” SPHP Medical Associates CEO Donald Martin said.

The potential breach first came to light on Nov. 24, 2014, when the phone theft occurred. Hospital officials immediately took notice and reported the breach to law enforcement and began taking steps to secure as much patient information as possible, such as wiping the device and disconnecting it from the SPHP corporate email system. All 5,117 patients affected by the cybersecurity incident have been notified by the SPHP hospital system.

In light of the recent data breach, SPHP says it is now taking the opportunity to improve its cybersecurity, including a review of encryption controls for its corporate-issued devices.

Every industry in the U.S., from health care to Hollywood, should have a basic understanding of data security and the role it will play in the future of successful businesses. A new story from the St. Louis Business Journal reports the average cost of a data breach in 2014 was $5.85 million in the U.S.

With more and more companies investing in improvements to their current cybersecurity setup, only time will determine which businesses successfully learned from the mistakes of those before them.

Albany Business Review