Data losses at two healthcare organizations were listed among the top six most serious information security breaches of 2011, according to a privacy advocacy organization — and both involved the theft of electronic data storage devices.
The two losses reported in the Privacy Rights Clearinghouse’s “Top Half Dozen Most Significant Data Breaches in 2011” included a laptop containing unencrypted data on 3.3 million patients stolen from Sutter Medical Foundation in Sacramento, California, and the theft of backup data tapes from a vehicle in San Antonio, Texas, containing health information for veterans and military families from Tricare Management Activity and Science Applications International Corporation (SAIC).
“Medical breaches are particularly significant and harmful because of the sensitivity of personal information exposed,” the PRC report said. “These breaches highlight some important lessons, among them the need for strict privacy and security policies; the importance of data retention policies; and the need for data to be encrypted.”