On December 14 WCPO TV 9 News reported:

“A break-in in Springdale, Ohio is affecting thousands of people in Pennsylvania. The office of Electronic Registry Systems on Northland Boulevard was broken into Thanksgiving weekend and a computer was stolen. That computer had medical records on it for some 25,000 participants in a Pennsylvania health plan. Police don’t suspect I.D. theft. They say, in other recent cases, the thieves wiped the computer’s hard drive clean and then tried to re-sell it.”

It is troubling that the police reportedly dismissed even considering the PII could be misused by the thief.
Also, it seems very unlikely a thief would wipe a hard drive clean before re-selling it…since when would thieves be concerned about protecting the privacy of the people whose data is on the computers they steal?
Also disappointing that the Office of Electronic Registry Systems apparently is not offering credit monitoring for the impacted individuals.

Tags: awareness and training, data protection, health data privacy, Information Security, IT compliance, laptop theft, personal data breach, policies and procedures, privacy, privacy breach

This entry was posted on Sunday, December 17th, 2006 at 7:28 pm and is filed under Privacy and Compliance, Privacy Incidents. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.