Laptop Data Theft Exposes Patient Info
A stolen notebook PC -- containing the unencrypted data of thousands of patients -- underlines a need for stronger laptop security measures.
Officials at John Muir Health are in the process of notifying more than 5,000 patients that their personal information may have been compromised after a pair of laptops were stolen from the hospital system's perinatal clinic in Walnut Creek, Calif.
On Monday, John Muir Health officials began contacting 5,450 women to warn them that identity thieves may have gotten their hands on medical information and accompanying personal information sometime in February.
The laptops have yet to be recovered, and although the patient files were password-protected, they were not encrypted.
In January, more than 15,000 Kaiser Permanente patients, also in Northern California, had their data compromised when someone swiped an external storage drive from an employee's car.
In that case, the employee was eventually fired for violating the hospital's security policy banning workers from storing patient files on a personal storage device and removing the data from the hospital campus.
Aurora St. Luke's Medical Center in Milwaukee endured a similar data breach in December when a laptop containing the Social Security numbers and other personal information of 6,400 patients vanished from a locked office.
New legislation included in the 2009 federal stimulus plan requires healthcare providers to immediately report data breaches affecting more than 500 patients to the U.S. Health and Human Services Department or face fines up to $1.5 million per incident.
John Muir Health representatives were not immediately available to comment on the breach.
A security study by independent research firm the Ponemon Institute found that more than 600,000 laptops and 800,000 storage devices were lost or stolen in 2009.