The Atlanta Journal-Constitution reports that 826 patients' personal information may have been exposed when a laptop was stolen from an car at an Emory Healthcare dialysis clinic on February 7, 2014 (h/t PHIprivacy.net).

The car belonged to an employee of Health Systems Management (HSM), which operates the clinic.

The laptop was not encrypted and had a one-word password.


It contained full names for about half of the 826 patients and the first initial for the remaining patients, along with patient dates of service and graphs of blood flow tests. It did not contain Social Security numbers, birthdates, addresses or financial information.

"HSM has instituted process changes to protect against a similar event occurring in the future," Emory said in a statement. "Medical information stored on HSM laptops is required to be encrypted, as well as password-protected."

All those affected are being notified by mail.

Photo courtesy of Shutterstock.