Senior Health Partners, a New York City-based managed long-term-care Medicaid and Medicare plan, has reported that 2,700 of its members have had their personal healthcare records stolen and possibly compromised.
The company, a subsidiary of Healthfirst, a New York health insurer, said in a news release that it began notifying affected members Jan. 30, 2014. The personal data involved in the breach resided on a smartphone and an encrypted laptop computer stolen Nov. 26, 2014, from the apartment of a nurse employed by Premier Home Health, a business associate of Senior Health Partners.
Encryption normally would prevent a random thief from accessing such data, but the key to break the encryption also was stolen in the laptop bag taken from the apartment, according to the statement.
“SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring,” the statement said.
The data on the devices included members' names, addresses, Social Security numbers, dates of birth, phone numbers, diagnoses and types of medical services that had been rendered, as well as Medicaid ID numbers and health insurance claims numbers.
Affected Senior Health Partners plan members will receive one year of free identity protection, credit monitoring and restoration services, access to an assistance line and an identity-theft protection specialist, according to the statement.
At the end of last year, nearly 1,200 breaches exposing the medical records of 500 or more individuals each had been reported to the publicly accessible “wall of shame” website kept by the Office for Civil Rights at HHS.
Since September 2009, the records of more than 41.6 million individuals have been exposed in 1,186 breaches (involving 500 or more individuals' records) reported to the Office for Civil Rights and posted to its “wall of shame” website.
Follow Joseph Conn on Twitter: @MHJConn