Main Street Clinical Associates, PA (“Main Street”) in Durham, North Carolina has provided notice of a data breach that potentially impacts regulators and individuals.
Main Street noted it has no confirmation that personal or protected health information was viewed without authorization and that it has taken action after becoming aware of the incident.
“On April 10, 2019, the building adjacent to Main Street’s office located in Durham, North Carolina suffered a severe gas explosion. The explosion forced Main Street’s employees to immediately evacuate their office without the opportunity to properly store and secure patient information.
“At the time of the evacuation, certain patient files in use were left open and the file room containing patient records was unlocked. Due to the nature and extent of the damage to the building, Main Street’s employees were prohibited from reentering the building until September 9, 2019,” says a press release.
“Upon reentry to the office space, Main Street discovered that looters had “unlawfully entered the office and stolen two laptop computers, a clinician’s cell phone, and a printer that stored patient information. The computers and the cell phone were password-protected, and the client files stored on them were also password-protected,” the release continued.
When Main Street learned of the theft from their office, they notified local police and filed a police report. Main Street took additional steps to investigate the potential scope of the incident and to protect against any potential misuse of the stolen devices, including changing the passwords and remotely monitoring for suspicious activity on the devices. The investigation into whether the devices have been accessed without authorization is ongoing.
According to the press release, the type of patient information that may have been accessed is:
- patient name
- driver’s license number
- Social Security number
- health insurance information
- diagnosis and treatment information
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/