Georgia Department of Behavioral Health and Developmental Disabilities Data Breach (2014)

The Georgia Department of Behavioral Health and Developmental Disabilities (DBHDD) announced earlier this week that a laptop containing protected health information (PHI) of approximately 3,000 patients was stolen from an employees car on Aug. 14, 2014. The employee was attending a conference in Clayton County, Ga., and there is not yet any evidence that any confidential information has been accessed, according to the DBHDD statement. DBHDD is reinforcing our information security practices to protect against future data breaches, said Doug Engle, the departments director of information technology. While its impossible to ensure that a laptop will never be stolen, we are taking proactive steps to protect client information by reducing the risk of that information getting into the wrong hands. Those active steps include strengthening department policies and procedures related to PHI and also increasing training on security awareness regarding DBHDD-issued laptops, explained the DBHDD statement. Moreover, the department is also working to ensure that all laptops are encrypted and that PHI can only be accessed using a virtual private network (VPN). This would ideally prevent protected data from being stored on a laptop. DBHDD Chief of Staff Judy Fitzgerald added that the organization takes the confidentiality of client information very seriously and that DBHDD is constantly looking for ways to improve the system across all aspects of the organizations operations. The laptop was reportedly stolen from the employees parked car. The thief smashed a car window and removed the laptop, according to DBHDD. The organizations IT department is working with the local police, DBHDD explained, and a law enforcement investigation is underway. Furthermore, DBHDD is conducting an internal investigation. The PHI included names, addresses and phone numbers, dates of birth, names of guardian (if any), marital status, Social Security Numbers, Medicaid numbers, diagnoses, behavioral data and other information for 3,397 individuals receiving DBHDD-funded services. Clients or their guardians who may have had information compromised were notified by DBHDD through individual letters sent to them. According to DBHDD, patients were informed how to request free credit reports and request a free fraud alert on their credit report from federally-approved companies. Additionally, DBHDD provided a contact number in its statement for individuals to call if they wanted to know if their information had potentially been compromised.