McKesson: Stolen Computers Contain Patient Information
Execs at the health-care services company are unsure how much identifying information was contained on the patients documented in the missing machines.
Health-care services company, McKesson, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.
The company, which helps pharmaceutical manufacturers set up assistance programs for patients in need, sent out a letter alerting patients that the computers were stolen on July 18. The names of the people being alerted were on one of the two PCs, but it's not known how much of their accompanying identifying information was also contained on the machines.
"Your personal information may have been on one of the two computers that were stolen from a McKesson office," wrote Patrick Blake, president of McKesson Specialty Pharmaceutical, in the letter to one patient. "At this point, we have not determined if your personal information was on either stolen computer. However, we are taking the precaution of notifying every patient whose information might have been on the computers, just to be safe."
A spokesman for McKesson did not return phone calls requesting comment, but a company representative on the McKesson hotline said "thousands" of patients were affected and letters were sent to everyone who had at least a name on one of the machines. It's possible that identifying information, including addresses, prescribed medications, dosages, Social Security numbers, and dates of birth, also were contained on the computers. The loss appears to affect both current and former patients.
The company representative said it's not clear if the data on the machines was encrypted. Local police and the FBI have been called in on the investigation.
Blake's letter suggested that those contacted put a fraud alert on their credit files. The representative on the McKesson hotline said the company would give customers a year of free credit reporting if they requested it.
"We also have taken steps to ensure this doesn't happen again by increasing and improving employee understanding and awareness of corporate security policies and procedures, policies for handling patient data, and company security processes," wrote Blake. "We deeply regret that this incident occurred."
The hotline number is: 866-554-6366.
The impact of data theft is usually severe when health-care companies are involved. Earlier this year, a laptop was stolen from a secure office in a Texas hospital group, putting identifying information on 7,800 patients without health insurance at risk. The Seton Family of Hospitals reported in February that a security camera captured video of a thief carrying out a laptop and a projector. The laptop contained identifying personal information such as Social Security numbers, dates of birth, and insurance program numbers.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.