One employee has been fired and three others have resigned in connection with the theft in late December of backup computer tapes and disks containing personal information and the medical records of about 365,000 hospice and home health care patients from a parked car in Portland, Oregon.
In an announcement late last week, Providence Home Services, a division of Seattle-based Providence Health System, said the four workers left the company after “a confidential and thorough internal review process of the data storage procedures that led to the theft.”
The theft took place December 31, when a Providence Home Services IT department worker took backup tapes and disks home in his car as part of the home health care division’s regular backup protocol. The disks and tapes were stolen after they were left in the employee’s car overnight. The division has since discontinued that backup procedure and brought in more traditional means of protecting data.
Some of the data on the tapes was password-protected at the application level, while the rest was stored in proprietary file formats without password protection. After the incident, the company decided to make all of its data more secure by using additional technologies, including encryption.
Providence said it has received no verified reports that the stolen data has been used illegally.
The health care group has also reached a deal with security vendor Kroll to provide Kroll’s ID TheftSmart credit monitoring and restoration services for free to those affected by the theft.