The laptop contained protected health information for 629 patients who had received care at the hospital's emergency department between January 1 and August 26, 2013, including patients' names, birthdates, medical record and account numbers, providers, departments of service, beds and room numbers, dates and times of service, visit histories, complaints, diagnoses, procedures, test results, vaccines and medications.
The laptop did not contain addresses, Social Security numbers, or financial information.
"We have no reason to believe the laptop was stolen to gain access to patient information or that this information has been accessed or misused in any way," the hospital said in a statement. "In fact, the computer was configured in such a way that information could not be written to the hard drive. Email information, however, was stored on the hard drive and password protected but not encrypted, which was in violation of St. Mary’s Janesville Hospital policy."
In response to the breach, the hospital is instituting an information and re-education initiaitive to ensure that employees and providers protect patient information, and is inspecting all laptops to ensure that they have encryption software.
All those affected are being offered one year of free identity theft protection services from ID Experts.
Photo courtesy of Shutterstock.