Databreaches.net has found a press release announcing a data breach by what appears to be a private dental practice. And the only reason why Dr. Ward Morris, DDS, did so was because he had to comply with the HITECH Act. If only he had also taken the “recommendation” that patient information be protected with disk encryption software…
Complying with HITECH Act
How do we know that Dr. Morris was prompted by the HITECH Act to go public with the breach? Easy. It’s included in the press release:
This press release is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Dr. Morris has notified patients and the Department of Health and Human Services (HHS). In addition, an informational website and toll-free number hosted by ID Experts are available to affected patients.
The HITECH Act requires HIPAA-covered entities to do several things when patient information is lost during a data breach:
Alert the HHS immediately if 500 or more people are affected (if fewer than 500 are affected, it can wait until the end of the year)
Send breach notifications to the affected
Go public with the breach if not all people can be reached
Based on the fact that the HHS has already been alerted, it looks like over 500 patients are affected, although the actual number has not been made public (yet). Patient information included names, addresses, phone numbers, dates of birth, Social Security numbers, limited medical history and other details.
The stolen computer makes use of password-protection, which is not much protection at all.
Hindsight is 20/20, Encryption Would Have Been Great
If you look up Dr. Morris’s practice in Google Maps and Street View… well, I was raised in a major metropolitan city, so a dentist’s office looks out of place in that particular surrounding. However, there’s no reason why it shouldn’t have excellent facilities. In fact, the reviews I’ve found imply he’s a great dentist. (And, honestly speaking, for me, everything there looks out of place. The towing company’s lot across the street gives me the heebie-jeebies for some reason.)
In terms of security, that particular location doesn’t look safe, physically speaking: the area is pretty remote-looking. The only light seems to be a single, solitary street lamp. A search shows the nearest police station a little over a mile away… meaning that even if the place was protected with services like ADT, the response time would leave a thief with plenty of time to run.
Make no mistake, I’m pretty sure it is safe, generally. But, if someone were to be planning a burglary, that particular location has some pretty ideal conditions, at least from this side of the computer screen: quiet street; no reason for people to stick around after dark; dark surroundings…
If it were up to me, I would have made sure that encryption software like AlertBoot were protecting my computers. But then, it really is a case of hindsight, isn’t it?