Alaska Department of Health and Social Services Data Breach (2012)

While investigating a data breach in which a portable electronic storage device that may have contained electronic personal health information was stolen from the vehicle of a DHSS employee, HHS found that the department did not have adequate policies and procedures in place to safeguard ePHI. According to the report, evidence suggested that DHSS had not completed a risk analysis, implemented sufficient risk management measures, conducted security training for its workforce members, established device and media controls or addressed device and media encryption.