Premier Healthcare, a Bloomington, Ind.-based physician-led multispecialty provider healthcare group, has reported a possible data breach that could affect more than 200,000 patients after a laptop containing patient information was stolen.
Premier Healthcare announced the possible data breach in a statement on its website Tuesday. The healthcare organization said Premier personnel discovered January 4 that a laptop had been stolen from the billing department, located in a locked and alarmed administrative office.
The laptop was password-protected but was not encrypted, and emails stored on the laptop’s hard drive contained some screenshots, spreadsheets, and pdf documents that were used to address billing issues with patients, insurance companies, and other healthcare providers, Premier stated.
The documents contained various combinations of patient demographic information, such as name, address, date of birth, medical record number, insurance information, and/or some clinical information for 205,748 individuals, Premier said. For 1,769 of those individuals, social security number and financial information could also potentially be accessed on the laptop.
While there is no evidence to indicate that the information on the laptop was the target of the theft or that any of the information has been accessed or used for fraudulent purposes, Premier said it took immediate steps to investigate and attempt to recover the laptop, including filing a police report and notifying patients. To date, neither Premier nor law enforcement has been able to locate the stolen laptop or identify the perpetrator, the organization said.
“Premier has taken a number of steps to help keep this from happening in the future,” the organization said in its statement. “Premier has begun the process of encrypting all of its computers. Premier also is reviewing its processes and protocols to better protect against a similar laptop theft from occurring in the future. If the perpetrator's identity ever becomes known to Premier, it will seek to prosecute that person to the fullest extent allowed.”
