California-based medical device company DJO Global is notifying an undisclosed number of individuals that a laptop computer containing some personal patient information was stolen from a locked car belonging to a DJO consultant.
How many victims? Undisclosed.
What type of personal information? Names, phone numbers, diagnosis codes, DJO products received, dates the products were ordered and/or shipped, surgery dates, health insurer names, clinic names, doctor names, doctor addresses and doctor phone numbers. A “small handful” of Social Security numbers were also included.
What happened? A laptop computer containing some personal patient information was stolen from a locked car belonging to a DJO consultant. The car was parked at a coffee shop in Minnesota.
What was the response? A police report was filed. All of the personal information contained on the laptop was deleted. Steps are being taken to prevent a similar incident from occurring again. All potentially impacted individuals are being notified.
Details: The laptop was stolen on Nov. 7 and DJO Global determined on Nov. 21 that the personal information on the laptop was deleted. The information was not encrypted, but the laptop was protected by a password, and had other safeguards such as firewalls, anti-virus software, logical access control, and tracking/remote management software. The thief has not yet been caught.
Quote: “As of today, we have conducted a thorough investigation and have uncovered no evidence that any personal information has been misused,” according to a FAQ posted to the DJO Global website.
Source: djoglobal.com, “November 7th Security Incident;” oag.ca.gov, “California Notices Template,” Dec. 26, 2014; a SCMagazine.com correspondence with a DJO Global spokesperson.
