Aspire Indiana, a nonprofit community mental health center based in Noblesville, has notified approximately 45,000 patients that their data may be compromised after several laptops were stolen from its administrative offices.
The burglary occurred Nov. 7. Aspire Indiana notified law enforcement and began a data forensic investigation. The investigation is still ongoing, but it has revealed that emails stored on the laptops may have contained names, addresses and Social Security numbers for employees and a "limited number" of clients, according to a news release. Additionally, clients' medical record numbers and "limited" personal health information related to internal business purposes may be contained on the laptops. No electronic medical records were on the laptops.
Aspire Indiana says there is no evidence that any of the compromised information has been misused.
"Our organization is committed to maintaining the privacy and security of the personal information in our control, and we sincerely regret this incident occurred," said Rich DeHaven, president and CEO of Aspire Indiana. "We have taken steps to enhance our security, including upgrading our alarm and security systems. We remain committed to continually improving our IT and physical security to further protect our data and our clients."
More articles on data breaches:
The hospital's guide to getting hacked
In breach event, to whom should CISOs report?
Anthem breach stemmed from weak login security