Kathleen Whisman, M.D. Data Breach (2013)

The California Attorney Generals Office released yesterday a copy of a data breach notification letter sent by California physician Kathleen E. Whisman to patients after the San Ramon, Calif. Police Department alerted her on April 11, 2013 that her patients data was part of an identity fraud ring. PHIPrivacy.net reports that the breach originated in 1999 when Whisman lost a laptop that held an undetermined amount of data from patients in her care from 1998 to 1999. The breach notification letter, written by her attorneys, claimed that they can only speculate that the information on the suspects computer was removed from a recently stolen computer. In 1999, Dr. Whisman was changing billing companies and she believes that the patient information had been stored on the stolen computer to assist with this transition. While the circumstances around the data breach are not clear if and when this computer stolen or if she was aware of such an event what is clear is the type of patient information accessed. Compromised data included names, addresses, phone numbers, dates of birth, insurance plan information and Social Security numbers. Whismans attorneys stated that she was asked not to immediately alert patients of the data breach to avoid interfering with the theft ring investigation. She was allowed to send notifications in August. The breach has not been included on the Department of Health and Human Services (HHS) public breach list, and the letter sent to patients makes no mention of HHS notification, though information may have been sent. Patients were urged to check their credit reports and were offered free credit monitoring services. Whisman believes that her offices procedures make a future incident improbable. For PHIPrivacy.nets full article, click here.