Cancer Care Group, P.C. (“CCG”), a radiation oncology physician group practice in Indiana, agreed to pay $750,000 for a breach of unsecured electronic protected health information (“ePHI”). CCG will also implement a corrective action plan.

The breach occurred in 2012 when a CCG employee’s unattended laptop bag was stolen from a car. The laptop bag contained computer server backup media with the ePHI of approximately 55,000 individuals. The computer server backup media was unencrypted, and the ePHI included names, addresses, dates of birth, Social Security numbers, insurance information, and clinical information. The employee’s computer was also in the stolen laptop bag, but it did not contain ePHI. (Continue Reading)