Another day, another HIPAA breach of 34,000 patient records on an unencrypted USB drive. The drive was stolen from an employee’s locker at Redwood Regional Medical Group imaging center. According to a report:
The drive was stolen June 2 from an unlocked employee locker at the former Redwood Regional Medical Group imaging center at 121 Sotoyome Dr., according to St. Joseph Health, which operates the office.
The drive contained information on 33,702 patients who received X-ray services at the office over a five-year period between Feb. 2, 2009 and May 13, 2014, said Katy Hillenmeyer, a spokeswoman for St. Joseph.
St. Joseph Health took over the imaging center from Redwood Regional Medical Group on April 1. As part of the transition, the records were backed up to the drive as a precaution while they were being moved to Santa Rosa Memorial Hospital’s electronic medical records system.
Here is a quote that is ironic:
We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County.
If they take their obligation to protect their patients’ privacy very seriously they would not have used an unencrypted thumb drive! For less than $50 they could have purchased an encrypted flash drive and truly protected their patient’s privacy. Lip service to caring about their patients after they breached 34,000 just doesn’t cut it anymore.
The above product is just an illustration and not a product endorsement
The cost of a breach is estimated to be around $200 per record. They are looking at $6,800,000 of breach related expenses. $50, $100, even $500 on encrypted flash drives seems cheap relative to what this breach will cost them.