Advocate Health Care is responsible for the second-largest HIPAA data breach since the breach notification rule was implemented in 2009, losing more than 4 million patient records in the theft of four unencrypted computers.
The data included personally identifiable patient information as well as clinical data, including diagnoses and health insurance information.
A senior vice president from Advocate acknowledged that the sensitive data shouldn’t have been stored on the computers’ hard drives, and should instead have been maintained on Advocate’s secure network. One of the remediation steps Advocate is taking is mapping its computer and software systems to identify where patient data is stored and how to secure it. This mapping is also one of the first steps toward data encryption. Classifying the sensitive data and then selecting a proper encryption method come next.