Clinical Reference Laboratory Data Breach (2014)

Another one? Really, youd think the folks at Clinical Reference Laboratories (CRL) would have found a better way to mail packages by now. For the second time in six months, CRL is reporting a package damaged in the mail has created a data breach. This breach involved tests run in connection with Nationwide Insurance applications. A package shipped around February 6th was damaged while in the hands of the US Postal Service (USPS). We have determined that your personal information involved in this incident included your name, date of birth, the last 4 digits of your Social Security number and the type of lab test(s) conducted, CRLs Chief Compliance Officer David Porter wrote in a letter to potential victims. Porters comments dont divulge the number of individuals involved. Last October, the Lenexa, Kansas firm announced a damaged package containing invoices had leaked Social Security Numbers (SSN) for an unknown number of individuals. Those folks had applied for insurance from Massachusetts Mutual Life Insurance Company. At that time Mass Mutual refused to disclose the number of individuals involved or respond to any questions from idRADAR News regarding the breach. USPS practices include segregating and then destroying any documents that become separated from their original package. Still, CRL is offering patients a year of free credit monitoring. CRL has been in business for 30 years and processes 100 million tests annually. A data breach is probably unavoidable for a company this size but two of the same type in less than half a year is concerning. A comparison of breach letters from the October 2013 incident and todays breach announcement shows theres been not much progress in CRL breach mitigation. Some lost invoices from the 2013 breach included full SSNs on the invoices; it would seem that this latest breach involves only the last 4 digitsa slight improvement but as hackers know, the final 4 are the most useful ones. Hopefully, CRL will now figure out a better way to reinforce the packages it ships.