U.S. HealthWorks Data Breach (2015)

U.S. HealthWorks, a California-based health care service provider specializing in urgent care and occupational medicine, recently alerted employees to a data breach after a password protected (but unencrypted) laptop was stolen in April. According to its website, the company operates over 200 locations in 20 states and has 3,600 employees, but it was unclear in the notification of the breach exactly how many people may be affected. The letter explains how an internal investigation began shortly after the company was notified on April 22, 2015, that a laptop issued to an employee was stolen from their vehicle overnight. "On May 5, 2015, we determined that the employee's laptop was password protected, but it was not encrypted. After conducting a thorough review, we determined that the laptop may have contained files that included your name, address, date of birth, job title, and Social Security number. Although we continue to work with law enforcement, at this time, the computer has not been located," U.S. HealthWorks said in its notice letter to employees. The company did not confirm whether any personal information has been accessed or used inappropriately, but it said it will offer employees free enrollment in identity protection services for one year as a precautionary measure. U.S. HealthWorks reported efforts to ensure compliance to its laptop encryption policy going forward, including an enhancement to deployment procedures for laptops and full disk encryption. With the number of security breaches on the rise, the importance of organizations controlling and protecting data is critical. "If you have laptops in your enterprise environment, and let's face it who doesn't, you need to address this issue. In this day and age there really isn't a good reason to not encrypt the hard drives on your laptops," wrote Forbes contributor Dave Lewis in a post Monday (June 1).