Senior Health Partners, a New York health care provider, sent breach notification letters to over 2,500 members after it learned about the theft of a laptop and smartphone owned by a nurse employed by a business associate.
The nurse’s laptop was encrypted, but the encryption key was in the laptop bag, which was stolen with the laptop. The smartphone was not encrypted or password-protected.
The potentially compromised data included email address, patient name, demographics, Social Security Number, Medicaid ID, date of birth, diagnosis and treatment information.
This case stresses the importance of encryption and smart practices around encryption procedures.