Symbius Medical Data Breach (2014)

On May 15, 2014, Symbius Medical became aware that five former sales representatives accessed the companys electronic records and downloaded health information to non-Symbius devices in the weeks leading up to their resignations from Symbius Medical and subsequent employment with a competitor. The former sales representatives were authorized to access certain health information as part of their employment, but their actions were in direct contravention of Symbius Medicals strict HIPAA policies and procedures. The electronic records may have included, among other information, full names, addresses, phone numbers, social security numbers, dates of birth, and medical diagnoses and treatments. We believe that the former sales representatives, and the competitors to whom the health information was disclosed, intended to use this information for medical supply sales activities, and not for fraudulent identity theft or credit purposes. Symbius Medical has undertaken a thorough investigation of this breach, which included third- party forensic computer analyses. Symbius Medical is also taking swift action to ensure that its HIPAA policies remain best practices to prevent similar breaches in the future. To that end, Symbius Medical continues to review and revise its HIPAA policies and procedures, implement additional technological and physical safeguards to its computer systems, offer additional HIPAA training, and modify personnel practices. To mitigate any potential harm, Symbius Medical obtained a court injunction against the former sales representatives and their current employer to cease using this patient information and to immediately return the stolen data, is contacting its competitors to whom health information was disclosed to immediately return this data, is offering one year of free Lifelock credit monitoring to our affected customers and is reporting this incident to the Secretary of the U.S. Department of Health and Human Services. We will fully cooperate with any investigation. For more information, please contact our HIPAA Privacy Officer, Natalie Franklin, or her designee, toll-free at (855) 263-4045 or via email at compliance@symbiusmedical.com.