Confidential patient data sent to wrong company -- for 15 months
Doctors and clinics in the U.S. have been faxing information to an herbal remedy distributor
Computerworld - A small Lockport, Manitoba-based distributor of herbal remedies has for the past 15 months been mistakenly receiving faxes containing confidential information belonging to hundreds of patients with Prudential Financial Inc.'s insurance group. The data exposed in the breach -- and faxed to the company by doctors and clinics across the U.S. -- included the patients' Social Security numbers, bank details and health care information.
So far, at least, efforts to deal with the issue appear to have failed, said Jody Baxmeyer, vice president of marketing at North Regent RX, the company that's been receiving the faxes.
The situation has been caused by North Regent's toll-free fax number, which is nearly identical to one used by Prudential to receive medical claims-related information from doctors, Baxmeyer said. In fact, the two numbers differ by only one digit, Baxmeyer said.
As a result, North Regent's Lockport office has mistakenly received thousands of documents sent to the wrong fax number that involve more than 1,000 claims. The documents contain detailed patient medical histories, Social Security numbers and bank information meant for Prudential's insurance division.
Baxmeyer said his company contacted Prudential about the problem in October 2004 -- when North Regent first began operations -- and then followed up again in April 2005 when it had not heard back from the company. "Prudential's point of view was that, 'We are not the ones faxing the information,' which is ridiculous," Baxmeyer said. "They are the ones that solicited the business from doctors and clinics, and they are the ones setting up the protocols for receiving the information."
In a statement today, Prudential officials disagreed, saying the company cannot be held responsible for third parties who are sending the information to the wrong fax number.
"Prudential Financial's fax number is accurately listed on all of our forms and communications," the company said in an e-mailed statement. "Effective immediately, North Regent RX will forward to Prudential Financial all faxes it has received, as well as any it may receive in the future."
Initially, North Regent contacted the doctors' offices, clinics and even patients directly when it received a fax meant for Prudential. But the company doesn't have the resources to continue doing that, Baxmeyer said. "What happened was it became a point of distraction for us. It would have taken an effort that we were not capable of."
According to Baxmeyer, North Regent in April offered to sell its toll-free number to Prudential for a fee that included the costs of acquiring and publicizing a new toll-free fax number for North Regent. Another option it suggested
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts