Boston Children's Hospital recently notified patients that a hospital laptop had been stolen, resulting in a possible security breach.
"The laptop computer was in the possession of a Boston Children’s staff member attending a conference in Buenos Aires, Argentina," writes Dark Reading's Brian Prince. "The laptop was password-protected but not encrypted. A file containing patient information had been sent to the laptop as an email attachment. It was determined that although the file was not saved to the laptop's hard drive, it was still on the laptop as an email attachment at the time of the theft."
Patient information in the file included the names, medical record numbers, dates of birth, diagnoses, procedures, and dates of surgery for 2,159 patients. The hospital says no patient financial data or Social Security numbers were involved.
"The hospital notified patients and their families of the breach by e-mail," writes The Boston Globe's Chelsea Conaboy. "Hospitals are required to notify the media when there is a breach of patient information affecting more than 500 people in one state."
"Boston Children’s takes this incident and the protection of protected health and personal information extremely seriously," Daniel J. Nigrin, MD, MS, Boston Children's Hospital's senior vice president for information services and chief information officer, said in a statement. "We take great measures to ensure that Protected Health Information is never inadvertently released, and we are undertaking additional steps to prevent breaches such as this in the future. We deeply regret and apologize for any concern or inconvenience this situation may cause our patients and families."
"The state is no stranger to healthcare data breaches," notes FierceHealthCare's Alicia Caramenico. "In fact, more than 200 healthcare data breaches have affected almost 980,000 people in Massachusetts over the past four years, according to a report [PDF file] last month from the state's Office of Consumer Affairs and Business Regulation."