LOST HARDWARE | Health Care and Social Assistance
SITUATION: An employee of a medical group lost their laptop. An Excel file on the
computer contained medical records of 1,500 patients including the names,
addresses, dates-of-birth, medical record numbers, medications, and
Once the loss was realized, the medical group immediately notified their
insurance company who provided a “breach coach” to assess the damage
and help the insured comply with regulatory and notification requirements.
RESOLUTION: The breach coach assigned a forensics team, provided by the insurance
company, to determine the potential exposure of the protected health
information (PHI). It was determined that the patient PHI was, in fact,
compromised. The patients were immediately notified and offered
credit monitoring services.
Concurrently, the breach coach engaged a public relations agency to
minimize the reputational damage as well as alerted counsel to help
settle legal action from patients.
They were proactive in contacting the Department of Health and
Human Service Office for Civil Rights and agreed upon a settlement
amount as well as a corrective action plan that included employee
cyber and data protection training.
*This example is meant to illustrate a potential scenario you might encounter. It may not necessarily represent details of a specific claim.