I was originally pointing readers to HealthITSecurity.com for APDerm’s statement, but I just checked email and see that APDerm sent me their statement, so I’m reproducing it here:
December 27, 2013 – Along with protecting our patients’ health and safety, protecting their privacy is our highest priority. In 2011, we were victims of a crime and a computer flash drive was stolen. The stolen information did not include any financial information or sensitive health information. We reached out to every patient that may have been affected and have worked diligently to put measures in place to ensure the safety and security of our patient’s information.
Today’s settlement announcement was as a result of the 2011 incident. We are disappointed with the amount of the settlement given that the flash drive was never used to anyone’s knowledge, nor did it contain financial information that could be used to harm anyone. We have agreed to pay the settlement amount rather than incur the additional costs of a hearing.
I’m not sure what they consider “sensitive health information,” but note that the flash drive had reports on patients’ skin cancer surgeries as well as consultation notes to their doctors. As APDerm noted, there were no Social Security numbers, health insurance numbers, or financial information on the flash drive that had been stolen from an employee’s car at her home.