Patient Data Exposed After Laptop Theft
When will they learn? A Massachusetts-based neurosurgeon had his unencrypted laptop stolen during a lecture tour in South Korea, putting more than 3,500 patients' most sensitive data at risk.
More than 3,500 patients who received care at the Massachusetts Eye and Ear Infirmary are finding out this week that their most sensitive personal information was compromised in February when a physician's laptop was stolen during a trip to South Korea.
Officials at the teaching hospital for Harvard Medical School said the theft occurred back in February when Dr. Robert Levine, a neurologist specializing in the treatment of tinnitus, was in South Korea during a lecture tour.
Data collected from Levine's patients between Feb. 3, 1988 and Feb. 16, 2010 was lost in the heist. The information included everything from patient names, addresses, birth dates, medical records, diagnoses, phone numbers and pharmacy insurance account numbers.
Thus far, it appears that patient social security numbers, banking and credit card numbers and other financial data were not lost. Regardless, the hospital is offering one year of free credit-monitoring services for all affected individuals.
"Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause," John Fernandez, Massachusetts Eye and Ear president and CEO, said in a statement. "We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future."
Hospital officials said the computer was password protected, but the data contained on the laptop was not encrypted. The laptop did have a tracking device that allowed officials to permanently disable the hard drive on April 9.
This latest incident is just another example of how hackers and garden-variety thieves are targeting hospitals, doctors and medical billing companies because of the rich fount of personal data that can be had with relatively little risk or security obstacles.
Earlier this month, John Muir Health in Walnut Creek, Calif. began warning some 5,000 patients that their data had been exposed when a pair of laptops were snagged from the hospital's prenatal clinic.
Massachusetts Eye and Ear Infirmary officials said the hospital will install encryption security technology on all of its laptops and conduct educational seminars for staff to ensure that proper security procedures are followed in the future.
A recent survey by independent research firm the Ponemon Institute found that more than 600,000 laptops and 800,000 storage devices were lost or stolen in 2009.