[00:00.0 - 00:02.2] Breach notification letters have been sent [00:02.2 - 00:07.2] to 28,434 patients who received services [00:07.2 - 00:10.4] at CHCS before the summer of 2016, [00:10.4 - 00:12.3] informing them of the breach. [00:12.3 - 00:16.1] The breach was only discovered on November 7th, 2017, [00:16.1 - 00:19.3] but the data theft occurred more than 17 months ago. [00:19.3 - 00:23.5] The former employee was terminated on May 31st, 2016, [00:23.5 - 00:26.4] with the data downloaded onto a personal laptop [00:26.4 - 00:28.5] after the individual was fired, [00:28.5 - 00:31.6] according to a recent CHCS press release.
[00:31.6 - 00:33.8] The breach came to light during discovery [00:33.8 - 00:38.4] in a litigation case between the former employee and CHCS. [00:38.4 - 00:39.8] No details have been released [00:39.8 - 00:41.6] about the nature of the litigation. [00:41.6 - 00:43.8] The stolen documents contained a wide range [00:43.8 - 00:46.2] of highly sensitive data on patients, [00:46.2 - 00:48.2] including adults and children.
[00:48.2 - 00:50.6] The data included names, dates of birth, [00:50.6 - 00:53.6] addresses, social security numbers, [00:53.6 - 00:57.8] dates and types of services, medical record numbers, [00:57.8 - 01:02.6] referral information, progress notes, medical diagnoses, [01:02.6 - 01:06.2] medications prescribed, treatment plans, [01:06.2 - 01:08.8] laboratory and toxicology reports, [01:08.8 - 01:12.2] death certificates, autopsy reports, [01:12.2 - 01:15.2] discharge dates, death summaries, [01:15.2 - 01:17.7] and collateral hospital information. [01:17.7 - 01:20.4] The reason why the former employee took the data, [01:20.4 - 01:23.6] told the data is unclear, although it does not appear [01:23.6 - 01:27.0] that the information has been used for malicious purposes. [01:27.0 - 01:29.9] CHCS believes the information has not been shared [01:29.9 - 01:32.3] with any unauthorized individuals, [01:32.3 - 01:34.9] other than the former employee's attorneys.
[01:34.9 - 01:38.0] CHCS attorneys have also reportedly obtained [01:38.0 - 01:39.5] a copy of the data. [01:39.5 - 01:42.0] According to the CHCS news release, [01:42.0 - 01:44.1] patients are not believed to be at risk, [01:44.1 - 01:46.7] and there are no actions that need to be taken by patients [01:46.7 - 01:48.7] as a result of the breach. [01:48.7 - 01:51.9] Patients will be informed if the situation changes.
[01:51.9 - 01:54.4] A spokesperson for CHCS said, [01:54.4 - 01:57.4] Attorneys for CHCS are seeking a protective order [01:57.4 - 02:00.3] to prevent further disclosure of the information [02:00.3 - 02:02.7] and to verify deletion of the information [02:02.7 - 02:04.6] as soon as the court permits. [02:04.6 - 02:08.4] CHCS is also taking steps to ensure security is improved [02:08.4 - 02:11.9] to prevent future breaches of this nature from occurring. [02:11.9 - 02:13.2]
