A former employee had been grabbing an estimated 15,000 files containing patient’s medical and personal information for six months. She had been confronted by the business, Rodeo Drive Plastic Surgery Clinic, with allegations of embezzling, which resulted in her quitting mid-March. They would have never known the scale of this problem if she hadn’t accidentally dropped her “lost” company phone, while she was escorted off the of premise for violating a trespass order. With a series of very fortunate events, they had been able to get her lock code and see the immense amount of damage she had done over the months of her employment. The company phone had shown pictures of patient records, patient IDs, post-op reports, and credit card information. As well as, candid photos of the patients and videos of their procedures.
On May 1st, a burglary had taken place at their Palmdale location. Which left Rodeo Drive Plastic Surgery Clinic without every bit of their patient files. Hard drives and iPads around the building were all gone. Fingers are pointed in the direction of the former employee after noticing items of hers had also been taken during the burglary. Yet, expensive cameras and prescription medications were left untouched.
With almost all their information gone, the office is having a very hard time notifying the patients that were affected. Their patients come from all areas of business and are high profile clientele.
Another wake up call to continuously monitor all authorized user activity and never store protected Healthcare Information onsite. The legal and regulatory ramifications are going to be huge… Too bad they didn’t have Effortless.