The City of Houston was the victim of a possible security breach involving employees’ group health insurance plan information protected by the Health Insurance Portability and Accountability Act of 1996.
On February 2, 2018, a laptop computer was stolen from the vehicle of a City employee. The theft was reported the same day. The password-protected laptop may have contained records including names, addresses, dates of birth, Social Security numbers and other medical information.
The City is exhausting all efforts to recover the stolen laptop and determine the extent, if any, of the information that may have been compromised, including investigations by the Houston Police Department and the Office of Inspector General.
The City has reinforced strong measures already in place to protect against breaches. HR professionals are trained not to remove laptops from City offices unless any sensitive data is encrypted.
Because one employee failed to follow his training, all employees authorized to work with group health plan data are being retrained to reinforce the prohibition against removing unencrypted data from the protections of City facilities.
Potentially affected employees, retirees, and their dependents will receive a letter notifying them of the potential breach. Because Social Security numbers were involved, it is recommended that those who receive a notice place a fraud alert on their credit files.
The City is also providing free credit monitoring and identity restoration services for one year to help protect personal information. Individuals who have any questions, need additional information, or any assistance from the City can call the toll-free number 1-855-288-3409.