Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
February 7, 2018
Company: Nevro
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
500

 Nevro was recently the victim of a criminal break-in at our corporate headquarters in which several laptop computers were stolen. Nearby businesses were also targeted by the same perpetrators, who stole laptops from those businesses as well. Nevro has been unable to recover the stolen laptops on which limited information relating to you has been stored. Nevro has no indication that these laptops were stolen in order to acquire the data on them, nor any indication that the data on the laptops has been accessed or used in any way. All the stolen Nevro laptops were password-protected, although not all were encrypted. Because limited information about individual customer treatment relationships with Nevro was stored on one or more of the stolen laptops, and applicable state law considers this type of information sufficient to warrant a notification, we are reaching out to advise customers of these equipment thefts.

What Information Was Involved? Limited categories of information about certain patients who use Nevro’s HF10 therapy were contained in files stored on one or more of the unencrypted laptops. The categories of information varied by file or patient, but the data fields were limited to patient name, street address, birth date, procedure date, medical device identifiers (such as serial number), and contact information for the patient’s physician or other medical provider. Nevro does not possess, and none of these laptops contained, sensitive identifying information such as Social Security or other government-issued identification numbers or credit card or financial institution information. None of these laptops contained treatment or medical information other than the information directly related to the fact of the use of the device.

Information Source:
Security Breach Letter
Date Made Public:
January 29, 2018
Company: Nevro
Location: Dublin, Ohio
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1

What Happened? Nevro was recently the victim of a criminal break-in at our corporate headquarters in which several laptop computers were stolen. Nearby businesses were also targeted by the same perpetrators, who stole laptops from those businesses as well. Nevro has been unable to recover the stolen laptops on which limited information relating to you has been stored.

We have no indication that these laptops were stolen in order to acquire the data on them, nor any indication that the data on the laptops has been accessed or used in any way. All the stolen Nevro laptops were password-protected, although not all were encrypted. Because limited information about your treatment relationship with Nevro was stored on one or more of the stolen laptops, and applicable state law considers this type of information sufficient to warrant a notification, we are reaching out to advise you of these equipment thefts.

 

What Information Was Involved? Limited categories of information about certain patients who use Nevro’s HF10 therapy were contained in files stored on one or more of the unencrypted laptops. The categories of information varied by file or patient, but the data fields were limited to patient name, street address, birth date, procedure date, medical device identifiers (such as serial number), and contact information for the patient’s physician or other medical provider.

Nevro does not possess, and none of these laptops contained, sensitive identifying information such as Social Security or other government-issued identification numbers or credit card or financial institution information. None of these laptops contained treatment or medical information other than the information directly related to the fact of the use of the device

Information Source:
Security Breach Letter
CSV