United Home Care Services Data Breach (2013)

According to a spokesperson, on January 8, the billing manager took a laptop home with her, with permission. But on the way home, she stopped off to visit an ill friend for 10 minutes, leaving the laptop on the front seat of her locked car. In that short timeframe, someone smashed the window of the car and stole the laptop. The theft was reported to the organization on January 9. UHCS reported the theft to the police and even hired a private detective to try to recover it. As of today, however, the laptop has not been recovered. Frustratingly for everyone, that laptop had password protection but no encryption as it was one of the last remaining laptops scheduled to be updated to add encryption. It took the agency time to compile exactly what information was on the laptop, but using a roaming profile, they were able to determine that data on clients going back to 2002 were on the device. For some clients, the information may have been just a name and address, while for others it may have been name and date of birth, or name and Social Security number. According to the spokesperson, there were very few diagnostic codes or treatment service codes on the laptop. All told, records on 1,318 United Home Care Services of Southwest Florida clients and 12,299 clients of United HomeCare Services, Inc. were on the stolen laptop The 13,617 affected clients were sent a notification letter in February in compliance with Florida’s privacy rule that requires notification within 45 days. On March 8, they were sent a second letter to comply with HIPAA.