United Dynacare, LLC dba Dynacare Laboratories

On October 22, 2013, the covered entity (CE) learned that one of its employee’s car was stolen with a mobile data drive (“flash drive”) that stored a database with protected health information (PHI). The unencrypted flash drive contained the electronic PHI of approximately 9,328 individuals. The types of ePHI involved in the breach included patients’ names, addresses, birth dates, social security numbers, and gender. The CE provided breach notification to HHS, affected individuals, and the media. Following the breach, the CE sanctioned employees, improved safeguards related to encryption and mobile devices, updated and implemented policies and procedures, and retrained its workforce. The flash drive was recovered after the breach notifications were mailed. The forensic analysis of the recovered flash drive indicated that there was no evidence of unauthorized access of information. OCR obtained assurances that the CE implemented the corrective actions listed above.
Location of breached information: Other Portable Electronic Device
Business associate present: No