A stolen laptop has put thousands of former patients of two Minnesota medical care providers at risk of identity theft. A laptop containing the personal identifiers and other private information of approximately 14,000 patients of Fairview Health Services and 2,800 patients at North Memorial Medical Center, both of Minneapolis, was stolen out of a locked car located in the parking lot of a Minneapolis restaurant.
What's worse? The data on the computer was not even encrypted. In this electronic age, there's simply no excuse for massive amounts of personal identifiers not to be encrypted.
What's worse than that? The medical care providers knew of the stolen laptop mere days after it was stolen on July 25 but are just now taking steps to inform the patients of the privacy breach. Two months worth of proactive measures are now lost to these victims.
"Obviously, we take this event seriously," said Dr. Mark Werner, one of the senior physician leaders at Fairview. "It's deeply regrettable."
Obviously not. Or you would have informed these patients whose identities your company exposed much, much sooner. Just this week, two months too late, letters are being sent to those potentially affected, informing them of what happened and offering free services to protect them from identity theft.
The medical care providers claim "there's no evidence that the information has been misused." Well, of course there's no evidence of any misuse. You've kept the only people (other than the identity thieves) that would know of the misuse in the dark for the past two months. Its very likely the identity thieves have already run amok using the credit histories of their victims and, if the victims are even aware of the theft of their identities, they have not linked the crime to the gross negligence of their medical care providers in failing to properly secure their personal identifiers.
Give it a few more months (assuming those letters really do go out this week) and I bet there will be truckloads of "evidence of misuse".
To those unfortunate victims of Fairview Health Services and North Memorial Medical Center, you need to check your credit reports, aggressively dispute any errors (whether resulting from identity theft or not) and then hire an attorney versed in the intricacies of the Fair Credit Reporting Act to represent you against the medical care providers who breached your trust and against any credit bureau or furnisher who refuses to correct your credit histories. If you need the name of a good FCRA attorney in Minnesota, contact me and I will be happy to provide one.