Soundpath Health, Inc Data Breach (2011)

A laptop containing the protected health information (PHI) of approximately 7,581 clients was stolen out a workforce member's vehicle and subsequently used to access the covered entity's (CE) company server. The laptop contained clients' demographic information. After the incident, the CE performed a risk analysis of the specific breach occurrence. The CE provided OCR with a copy of its risk analysis, as well as its privacy, breach notification, and security policies and procedures. Following OCR's investigation, the CE performed a broader security risk assessment and encrypted all mobile media. The CE also developed and provided computer security training to its staff members.