Us healthcare provider Cancer Care Group has confirmed that information on around 55,000 patients and employees was stolen in a laptop bag last month.
The Indianapolis-based company said that back-up media containing patient demographic data including names, addresses and some details of treatment, was in the bag, which was stolen from an employee’s car.
“Cancer Care Group has taken a number of steps to help keep this from happening in the future,” said spokesman Clyde Lee. “Cancer Care Group is encrypting all mobile media, updating policies and procedures, upgrading data storage technology, and re-educating our workforce on safety with mobile media."
With over 20 radiation therapy facilities throughout Central Indiana, the Cancer Caregroup is one of the largest privately owned radiation oncology groups in the United States. The company is the latest in a line of US healthcare companies to suffer a data breach.
HealthcareITNews notes that the Cancer Care Group data breach was the fourth largest in 2012 in terms of individuals affected (55,000), behind incidents involving the South Carolina Department of Health (228,000), Emery Healthcare (315,000) and Utah Department of Health (780,000).
Health trusts in the UK, including the NHS, have a similarly poor record when it comes to data breaches, possibly due to the large amounts of sensitive data involved.
The Information Commissioner’s Office handed a civil monetary penalty of £325,000 to Brighton and Sussex University Hospitals NHS trust in June after patients’ medical records were sold on hard drives on an internet auction site in October and November 2010.